Active Directory --> Java web app
Richard Gundersen
richardgundersen at hotmail.com
Mon Aug 1 08:39:53 EDT 2005
Hi
I have written a Java web application which has a basic password login
screen. This works fine, but I would now like to allow users into my system
if they have previously authenticated against Active Directory. I.E. if they
can provide a valid kerberos ticket, I'll let them straight through. NB I do
not maintain the instance of Active Directory; it actually belongs to
another organisation.
Could anyone suggest a good way for me to do this. I guess I need to address
the following:
1) How will AD pass it's ticket to my system?
2) How will I verify the ticket? (GSS-API?)
3) I know MS have done some dodgy things to their tickets (non-standard
flags). Do I need to worry about them for this reason?
Thanks for your help. I know I'm being a bit vague but it's only because I'm
not experienced with Kerberos. If you want me to clarify any requirements
just shout.
Appreciate your help - thanks!
Richard
More information about the Kerberos
mailing list