Active Directory --> Java web app
Bruce Stewart
BruceS at nsfas.org.za
Mon Dec 18 02:59:08 EST 2006
We're using jcifs to implement SSO using with Kerberos (version 1.2.9 released in september 2006) (with Tomcat on Windows and Linux).
1.2.9 was released with a warning (QUOTE: "This package has been reported to work by several users however the code has not been examined carefully by jCIFS maintainers and therefore should be considered highly experimental").
Confusingly...I've just checked....the latest release (1.2.11) does not include the SPENGO classes.
At any rate, using Kerberos, we are able to use IE to automagically get credentials from the KDC, and then use delegation to authenticate/connect to our SQL servers.
The only issues we have had, have been with MS's null "authTime" in the Kerberos tickets, and a jdk bug where ticket times can be wrong because of timezones (a bug fixed in jdk 6 aparently). The former bug was easy to work around, but we have no solution for the latter yet (it's very infrequent, so not a show stopper).
This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this e-mail in error please notify NSFAS immediately. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the organisation.
More information about the Kerberos
mailing list