I am trying ro set up a secure web configuration. My inten is to authenticate users against an application server sitting behind a firewall. To avoid passing username/pasword combinations in cleartext, the web front end uses mod_ssl to create an https session.
Right now there is no problem establishing the https session, but I can't seem to pass parameters from the secure session to the Tomcat apllication sitting behind the firewall.
My current thory is that the listener side of the tomcat connector is listening on port 80, while my data is coming in on port 443. Can anyone at least confirm this to be the case, and possibly suggest a workaround?
Configuration:
world--|--DMZ (Apache w/mod_ssl)--|--Internal Zone (Tomcat Server)
Right now there is no problem establishing the https session, but I can't seem to pass parameters from the secure session to the Tomcat apllication sitting behind the firewall.
My current thory is that the listener side of the tomcat connector is listening on port 80, while my data is coming in on port 443. Can anyone at least confirm this to be the case, and possibly suggest a workaround?
Configuration:
world--|--DMZ (Apache w/mod_ssl)--|--Internal Zone (Tomcat Server)