• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

SSO by NTLM and jCIFS API

 
Ranch Hand
Posts: 53
Eclipse IDE Spring Tomcat Server
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi!

I try to implement single sign on by NTLM for our new web site with jCIFS. I set up the NTLM filter like this:

When I try to access the app I get the login dialog and when I input a valid username and password the app server (WebLogic 8.1) shows this error message:

The IP of the domain controller is ok, I can even lock my acount if I try to access the site three times with my username. So the error message must be wrong. Browser version is IE 6.
Anybody an idea what I miss or do wrong?

Cheers,
Ernie
 
Ranch Hand
Posts: 536
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I did try NTLM authentication using jciFS . It did work sometimes., but sometimes the Domain Controller threw a 'Access Violation' exception. I didnt have the time and energy to figure out what was wrong. So I took an alternate approach.

I setup Apache WebServer with the kerberos module (mod_kerberos). I then used mod_jk connnector to connect Apache with Tomcat.

So with this setup, Apache does the SSO authentication and passes in the logged in user id as a request attribute to Tomcat. Tomcat grabs the user id, queries Active Directory and gets the user's group and sets appropriate access permission.

Not pretty, but it works for me.
 
Richard Green
Ranch Hand
Posts: 536
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
there is an article on the jboss site (google for 'NegotiateKerberos') regarding this. it didn't work for me, but you may try.
 
reply
    Bookmark Topic Watch Topic
  • New Topic