Tomcat repeatedly prompts for client authentication w/ IIS as web server
Team,
We have an IIS 6 / Tomcat configuration using the Apache-supplied ISAPI redirector. The client application is an Applet that is using signed Jars.
The environment has been configured and communication is happening correctly between IIS and Tomcat, and the client applet is functioning properly.
Client Authentication (using Active Directory) is turned on in IIS and is authenticating Users correctly.
The only issue is that the Users are being prompted multiple times (throughout the same session) for their client authentication. The Applet communicates to the server through a single servlet.
This multiple prompting is unacceptable, because if a User does not notice that they have had their cert requested again (sometimes it pops up minimized, or they are working too fast so it ends up behind the applet), the communication to the servlet is severed and the User ends up with some very bad results.
My question is: How can I make Tomcat stop authenticating clients? We have ONLY allowed the AJP connector to be open, and have set "tomcatAuthenticate" to false so that the RemoteUser and Principal are passed correctly from IIS.
I have attempted "socket_keepalive" in the workers.properties file and even clientAuth=false on the AJP connector (which I believe is not a valid parameter).
Does anyone have an idea of what I should do next? I have not attempted to import my client certificate into Tomcat's keystore yet, and am hoping that that is not the solution.