How to protect a Tomcat web application using SiteMinder Web Agent

Article ID: 53831

Products

CA Single Sign-On, CA Single Sign On Agents (SiteMinder), SITEMINDER

Issue/Introduction


This document details how to protect a Tomcat web application using SiteMinder.

The document assumes the reader is already experienced in the setup and configuration of SiteMinder Web Agents.

The method described in this document involves using an Apache Web server and Tomcat connector to serve as a proxy for Tomcat.

 

Resolution

 

  1. Install the Apache Web Server 2.0 (or other supported version).

    The Apache Web Server will act as a proxy for Tomcat, protecting the Tomcat application.

  2. Download the Tomcat connector (1).

    Be sure to download the correct version for the target Web Server.

  3. Install the Tomcat connector.

    Copy the DLL (or .so) file downloaded as the connector to the Apache modules folder.
    On a Windows system, this is often C:\Program Files\Apache Group\Apache2\modules.

    Create a mod_jk.conf file.
    In the Tomcat 6.0\conf folder, create (or edit) a mod_jk.conf file.
    Enter the following information into the file:

    LoadModule jk_module "[Full path and name of the tomcat connector]"
    JkWorkersFile "[Root folder of tomcat installation]/conf/workers.properties"
    JkLogFile "[Full path and name of the logfile to use]"
    JkLogLevel info
    JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
    JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
    JkRequestLogFormat "%w %V %T"

    Finally, add the lines:

    JkMount /[application name] smworker
    JkMount /[application name]/* smworker

    These lines forward every request for the specified application name to Tomcat. For instance:

    JkMount /example smworker
    JkMount /example/* smworker

    With these lines, all requests received by Apache on http://server.example.com/example are forwarded to Tomcat.

    Edit the Web Server's httpd.conf file.
    On a Windows system, this is commonly located in C:\Program Files\Apache Group\Apache2\conf.

    At the end of this file, add the line:

    Include "[tomcat install folder]/conf/mod_jk.conf"

    Where [tomcat install folder] is the location of the Tomcat installation.

    Create a workers.properties file in [Tomcat root folder]/conf (the file named by JkWorkersFile in mod_jk.conf).

    Paste the following information into this file:

    # Define 1 real worker named smworker
    worker.list=smworker
    # Set properties for worker named smworker to use ajp13 protocol,
    # and run on port 8009. The property prefix must match the name in worker.list.
    worker.smworker.type=ajp13
    worker.smworker.host=localhost
    worker.smworker.port=8009
    worker.smworker.lbfactor=50
    worker.smworker.cachesize=10
    worker.smworker.cache_timeout=600
    worker.smworker.socket_keepalive=1
    worker.smworker.socket_timeout=300

    In the server.xml file (located in [Tomcat root folder]/conf), ensure the following line is present and not commented out:

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    Start Apache with the new module using these commands:

    apache -k install
    apache -k start

    Finally, start the Tomcat server.

  4. Install the SiteMinder Apache Web Agent.

    Install the SiteMinder Apache Web Agent using the installation wizard as usual.

  5. Protect the application.

    Use the SiteMinder Administrative Interface (AdminUI) to create a realm with the appropriate resource filter to protect the application mounted with the JkMount directive earlier.
    Then create the rules, the policies and the responses to protect the application as usual.

  6. Configure the SiteMinder Apache Web Agent.

    Use the Web Agent Configuration Wizard to configure the Apache2 Agent as usual.

  7. Restart the Apache HTTP server.

  8. Test the installation.

    The Tomcat application is now protected by the SiteMinder Apache Web Agent.
    When the application is accessed, SiteMinder should prompt the browser user for credentials.
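
An added consistency check for the three files edited in step 3 (example code, not part of the original article, SiteMinder or mod_jk): it confirms that every JkMount worker is in worker.list, that each listed worker has its own type, host and port with a matching AJP connector, and that Tomcat's connectors are bound to loopback, because a client that reaches a Tomcat port directly never passes through the Web Agent on Apache. It assumes Tomcat runs on the same host as Apache and that a connector with no address attribute listens on all interfaces, as in the Tomcat 6.0 used here; the file contents and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from a real installation).
MOD_JK = "JkMount /example smworker\nJkMount /example/* smworker\n"
WORKERS_OK = ("worker.list=smworker\nworker.smworker.type=ajp13\n"
              "worker.smworker.host=localhost\nworker.smworker.port=8009\n")
WORKERS_BAD = WORKERS_OK.replace("worker.smworker.", "worker.ajp13.")
SERVER_XML = """<Server><Service name="Catalina">
<Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /></Service></Server>"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_workers(text):
    """Return (names in worker.list, {worker name: {property: value}})."""
    listed, props = [], {}
    for raw in text.splitlines():
        key, sep, value = (s.strip() for s in raw.partition("="))
        if not sep or key.startswith("#"):
            continue
        if key == "worker.list":
            listed += [w.strip() for w in value.split(",") if w.strip()]
        elif key.startswith("worker.") and key.count(".") >= 2:
            _, name, prop = key.split(".", 2)
            props.setdefault(name, {})[prop] = value
    return listed, props

def check(mod_jk, workers, server_xml):
    """Return findings; an empty list means the three files are consistent."""
    findings = []
    listed, props = parse_workers(workers)
    for uri, worker in re.findall(r"^\s*JkMount\s+(\S+)\s+(\S+)", mod_jk, re.M):
        if worker not in listed:
            findings.append(f"JkMount {uri}: worker '{worker}' not in worker.list")
    conns = list(ET.fromstring(server_xml).iter("Connector"))
    ajp_ports = {c.get("port") for c in conns if "AJP" in c.get("protocol", "")}
    for name in listed:
        missing = {"type", "host", "port"} - set(props.get(name, {}))
        if missing:
            findings.append(f"worker '{name}' lacks {sorted(missing)}")
        elif props[name]["port"] not in ajp_ports:
            findings.append(f"worker '{name}' port has no AJP connector")
    for c in conns:  # a connector reachable from the network skips the Web Agent
        if c.get("address") not in LOOPBACK:
            findings.append(f"connector port {c.get('port')} is not loopback-only")
    return findings

if __name__ == "__main__":
    print(check(MOD_JK, WORKERS_BAD, SERVER_XML), check(MOD_JK, WORKERS_OK, SERVER_XML))
```

To clear the loopback findings, set address="127.0.0.1" on each Tomcat Connector or block those ports at the host firewall.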

 

Additional Information