Active Directory --> Java web app
Nikola Milutinovic
Nikola.Milutinovic at ev.co.yu
Mon Aug 1 08:57:36 EDT 2005
Richard Gundersen wrote:
> Hi
>
> I have written a Java web application which has a basic password login
> screen. This works fine, but I would now like to allow users into my
> system if they have previously authenticated against Active Directory.
> I.e. if they can provide a valid Kerberos ticket, I'll let them
> straight through. NB I do not maintain the instance of Active
> Directory; it actually belongs to another organisation.
>
> Could anyone suggest a good way for me to do this? I guess I need to
> address the following:
>
> 1) How will AD pass its ticket to my system?
> 2) How will I verify the ticket? (GSS-API?)
> 3) I know MS have done some dodgy things to their tickets
> (non-standard flags). Do I need to worry about them for this reason?
Oh, and just a side-note - one could sit down and WRITE a SPNEGO
authenticator, just no one has done it yet.
Nix.