Active Directory --> Java web app

Michael B Allen mba2000 at ioplex.com
Fri Dec 15 12:48:43 EST 2006


On Fri, 15 Dec 2006 08:31:37 -0800 (PST)
Vidya Sreedharan <vidzmail at yahoo.com> wrote:

> Hi Richard,
>    
>   I have a similar requirement in my project for SSO with Active Directory . Users should be allowed to login to their Windows desktop and not have to authenticate themselves to any web apps deployed under Tomcat. 
>    
>   I have been doing research on this for few days. We already use JOSSO in our project for Single sign-on. But from what i read about the integration of JOSSO with Active Directory i have understood that it does not support SPNEGO. So i need to enter my user name and password even though i have already logged into my Windows Desktop. So JOSSO is not a good solution to my problem. 
>    
>   I also read about few third party tools like centrify, Vintela and SPNEGO SSO. But none of them are opensource. The only opensource i could find was Apache server Kerberos/SPNEGO module. Is it possible to run Apache Web server as the frontend for tomcat and make it do the authentication part and then route the requests to Tomcat. I tried searching in the net but was not able to get any useful links. I think you were also working on similar stuff. Did it work for you without problems?

The only opensource SPNEGO SSO in Java I know of is jcifs-ext but it's
not supported and I'm not sure how many people are using it. I think the
jboss people were may be taking it under their wing though. You might
want to ask there.

Note that the most popular Java SSO solution (free or otherwise) is
the NTLM filter from jcifs (regular jcifs, not jcifs-ext). It doesn't
support delegation but it's mind numbingly easy to use and scales through
the roof.

Mike

-- 
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/



More information about the Kerberos mailing list