Use this guide to set up IIS as a reverse proxy in front of Tomcat and to rewrite an HTTP header that IIS passes on to the Tomcat web server behind it.
Set up Tomcat on Windows:
- Download and install Java 8 for Windows http://www.java.com/en/download/manual.jsp
- Download and install Tomcat 8 for Windows http://tomcat.apache.org/download-80.cgi . Install it as a service and keep default port 8080
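- Create a test.jsp file in the Tomcat ROOT folder, i.e. C:\Program Files\Apache Software Foundation\Tomcat 8.0\webapps\ROOT, and add the contents below. This page is used to test which headers the web page receives.

    <%!
        // Escape HTML metacharacters so header values are shown as text, not markup.
        private static String esc(String s) {
            return s == null ? "" : s.replace("&", "&amp;").replace("<", "&lt;")
                                     .replace(">", "&gt;").replace("\"", "&quot;");
        }
    %>
    <%
        // List every request header received by Tomcat as name=value.
        out.println("<ul>");
        java.util.Enumeration<String> names = request.getHeaderNames();
        while (names.hasMoreElements()) {
            String name = names.nextElement();
            String value = request.getHeader(name);
            out.println(" <li> <b>" + esc(name) + "=</b>" + esc(value) + "</li>");
        }
        out.println("</ul>");
    %>
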
- Check the Tomcat service status by double-clicking the Tomcat Service Manager icon in the system tray.
- Test by opening http://localhost:8080 or http://127.0.0.1:8080 ; it should open the default Apache Tomcat page.
- Now we can test our test.jsp page to retrieve the headers. Open http://localhost:8080/test.jsp or http://127.0.0.1:8080/test.jsp . You should see all HTTP headers that Tomcat received for that request.
Set up IIS:
- Install IIS Role from Server Manager
- Download and install IIS ARR (Application Request Routing) http://www.iis.net/expand/ApplicationRequestRouting to enable proxy support in IIS
- Download and install the ISAPI_Rewrite plugin for IIS http://www.helicontech.com/isapi_rewrite/download.html - Download the Lite version, which is free and has the rewrite features we want to use
- Go to IIS Manager and double-click the "Application Request Routing Cache" icon in the right pane
- In ARR, open the "Server Proxy" setting in the right pane. Enable the proxy and set the reverse proxy to 127.0.0.1:8080 so that HTTP requests arriving at IIS on port 80 are proxied to Tomcat on port 8080
- Set authentication for "Default Website" in IIS. Disable Anonymous Authentication and enable "Basic Authentication"
- Add a rewrite rule through "Helicon Ape" to set the authenticated user as the X-pi-sso-user header. Navigate to "Default Website" in the left pane and double-click the "Helicon Ape" icon to open the .htaccess file, add the two lines mentioned below and save the file. We can also edit C:\inetpub\wwwroot\.htaccess directly, outside of IIS. By default, IIS stores the authenticated user in a variable called REMOTE_USER, so we create a new header called X-pi-sso-user and assign it the value of REMOTE_USER. IIS then passes this header to the backend server behind the reverse proxy, which can use it for further processing of web requests.
- Restart the IIS server so that all changes take effect. We can restart either from IIS Manager by clicking on Restart from Right Pane
Testing:
- Open http://localhost/test.jsp from the same Windows computer, or http://win2008-test.cloudapp.net from the outside world; it should prompt for credentials
- Provide the credentials of any valid Windows user available on the Windows IIS server, e.g. adminuser
- If you provide valid credentials, IIS proxies the request to Tomcat, which processes test.jsp and displays all HTTP headers passed on to the backend web server, i.e. Tomcat
- Check that you see the "x-pi-sso-user" header; its value should be the same user you authenticated as when you provided credentials
Note
- IIS passes HTTP headers to reverse proxy in lower case only
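
One way for the Tomcat side to consume the X-pi-sso-user header, as an added example that is not part of the original guide: a servlet filter that accepts the header only on requests arriving over loopback from the IIS proxy at 127.0.0.1, so a client that reaches port 8080 directly cannot supply its own user name. The class name SsoHeaderFilter and the ssoUser request attribute are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.util.Collections;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: SsoHeaderFilter and the "ssoUser" attribute are hypothetical names.
public class SsoHeaderFilter implements Filter {
    // getHeaders() matches names case-insensitively, so the lower-cased
    // "x-pi-sso-user" that IIS forwards is found as well.
    private static final String SSO_HEADER = "X-pi-sso-user";

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // IIS proxies to 127.0.0.1:8080, so a proxied request arrives over loopback.
        // A request from any other address reached Tomcat directly; its header is untrusted.
        if (!InetAddress.getByName(request.getRemoteAddr()).isLoopbackAddress()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        // Require exactly one non-empty value; anything else is treated as unauthenticated.
        List<String> values = Collections.list(request.getHeaders(SSO_HEADER));
        if (values.size() != 1 || values.get(0).trim().isEmpty()) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Hand the user name to the application as a request attribute.
        request.setAttribute("ssoUser", values.get(0).trim());
        chain.doFilter(request, response);
    }
    @Override
    public void destroy() { }
}
```

Register the filter in the web application's web.xml with a filter-mapping for /*. It assumes IIS and Tomcat run on the same host, as in this guide.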