How to properly configure Tomcat to allow secure access to services? Did I miss something?
Users and roles are created in ApacheDS and are visible in ArcGIS Manager. The link to the free WMS service works; after changing the service security to private, QGIS throws an error - forbidden.
Windows server 2012 R2
ArcGIS Server 10.5
ApacheDS 2.0.0-M23
Apache-tomcat 7.0.65
Web Adaptor Java Windows 105_154008
Windows firewall - off
ApacheDS configuration:
users:
cn: username1
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
sn: username1
uid: username1
userPassword: userpassword
groups:
cn: Administrators
objectClass: groupOfUniqueNames
objectClass: top
uniqueMember: cn=username1,ou=users,ou=system
ArcGIS Server Security - Configuration Settings
1. User and Role Management - Users from an existing enterprise system (LDAP or Windows Domain) and roles from ArcGIS Server's built-in store
2. Enterprise Store Type - LDAP
3. LDAP User Store:
Host name: vms12
Port: 10389
Base DN: ou=system
URL: ldap://vms12:10389/ou=system
RDN attribute: uid
Administrator's DN: uid=admin,ou=system
4. Authentication Tier - Web Tier
Tomcat configuration:
C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\server.xml
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://localhost:10389"
       connectionName="uid=admin,ou=system"
       connectionPassword="password"
       userBase="ou=system"
       userSubtree="true"
       userSearch="(uid={0})"
       roleBase="ou=system"
       roleName="cn"
       roleSearch="(uniquemember={0})"
       roleSubtree="true"
/>
</Realm>
C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\web.xml
<security-constraint>
  <web-resource-collection>
    <web-resource-name>WMS Services</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Administrators</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>WMS services</realm-name>
</login-config>
<security-role>
  <description>
    The role that is required to access the HTML Manager pages
  </description>
  <role-name>Administrators</role-name>
</security-role>
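
An added example, not part of the original post: a small Python model of the lookup chain that the posted JNDIRealm and web.xml settings describe (user search, role search with the found user's DN, then the role check). The directory entries are constructed from the listing above; the group's DN, the alternative uid-based user DN, and the password comparison standing in for the LDAP bind are assumptions.

```python
# Added example: models the lookups set up by the posted JNDIRealm and web.xml.
REALM = {  # values copied from the posted server.xml
    "userBase": "ou=system", "userSearch": "(uid={0})",
    "roleBase": "ou=system", "roleSearch": "(uniquemember={0})",
    "roleName": "cn",
}
REQUIRED_ROLE = "Administrators"  # <auth-constraint> in the posted web.xml

def norm(value):
    """Simplified matching: case-insensitive, spaces around commas ignored."""
    return ",".join(part.strip().lower() for part in value.split(","))

def search(directory, base, flt):
    """Subtree search for a single-term '(attr=value)' filter."""
    attr, _, wanted = flt.strip("()").partition("=")
    hits = []
    for dn, entry in directory.items():
        values = {k.lower(): v for k, v in entry.items()}.get(attr.lower(), [])
        in_scope = norm(dn).endswith(norm(base))
        if in_scope and any(norm(v) == norm(wanted) for v in values):
            hits.append(dn)
    return hits

def access(directory, username, password):
    """HTTP status the BASIC-protected URL would return for these credentials."""
    users = search(directory, REALM["userBase"], REALM["userSearch"].format(username))
    # Assumption: comparing the stored password stands in for the LDAP bind.
    if len(users) != 1 or password not in directory[users[0]]["userPassword"]:
        return 401  # authentication failed
    # {0} in roleSearch is the DN found by the user search, not the login name.
    groups = search(directory, REALM["roleBase"], REALM["roleSearch"].format(users[0]))
    roles = [r for g in groups for r in directory[g].get(REALM["roleName"], [])]
    return 200 if REQUIRED_ROLE in roles else 403  # 403: authenticated, no role

def make_directory(user_dn):
    """Constructed entries; the group's DN is an assumed location."""
    return {
        user_dn: {"uid": ["username1"], "userPassword": ["userpassword"]},
        "cn=Administrators,ou=groups,ou=system": {
            "cn": ["Administrators"],
            "uniqueMember": ["cn=username1,ou=users,ou=system"],
        },
    }

if __name__ == "__main__":
    for dn in ("cn=username1,ou=users,ou=system", "uid=username1,ou=users,ou=system"):
        print(dn, "->", access(make_directory(dn), "username1", "userpassword"))
```

The same two searches can be run against the live directory with any LDAP client to see what the user search and the role search actually return.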