[TriLUG] Java and AD Authentication

Alexey Toptygin alexeyt at freeshell.org
Mon Nov 28 11:02:29 EST 2011 

I've never heard of quite what you're describing, but there is a way that 
the browser on a windows machine can automatically authenticate to an IIS 
web server in the same AD domain, often called 'NTLM authentication' but 
often also referred to as 'integrated windows authentication' or just 
'single sign on'. There's no really authoritative web resource I can point 
you at, but if you google for "ntlm http authentication" you'll find lots 
of related stuff.

Apache does not natively support this sort of auth, but a company I used 
to work for (geminisecurity.com) sold an apache plugin that would enable 
it to do so. Firefox doesn't aupport this out of the box, but there's 
apparently a way to enable it (add firefox to the search terms). IIS and 
Explorer both support it.

 			Alexey

On Mon, 28 Nov 2011, Brian McCullough wrote:

> Folks,
>
> I am going to ask here because I know that there are some deep resources here, including pointers to other groups or web links.
>
>
> I am working with some Java code that I have inherited, using Spring Security version 2, and have been asked to add the ability to authenticate against an Active Directory server in the same environment ( network ).
>
> The idea is to use the existing environment to provide information about the person already logged in, and ask the AD server for further roles and permissions.
>
> All of the research that I have been doing points at using the AD server as an LDAP server ( as far the the Spring Security module is concerned ), with or without the "internal" login prompt that it would provide.
>
> However, in a very brief conversation, someone suggested that there was a SOAP way to do this that would just "automagically KNOW" who was logged in, and carry on the conversation with the AD server in the background.
>
> None of my searches seem to be turning up anything that looks appropriate, maybe I am just not reading things correctly.
>
> Does anybody know of this integration technique linking Java with, I guess, a web service provided by the AD server, that would just "know" what it needs to know about the current user?  I guess that the Java application is running on the client browser, talking to Tomcat on the web server, and also to the AD server.
>
>
> Thanks,
> Brian
>
>

More information about the TriLUG mailing list