• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Authentication woes

 
Geoff Tate
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
using jsp/servlet apps on IIS (intranet) we want to be able to capture the currently logged in NT user (NTLM). getRemoteUser() as we all know does not support this. We tried redirecting from a JSP to an ASP that grabs the ServerVariables("LOGON_USER"), drops it in a cookie and redirects back to the JSP. Problem was that the ASP was causing the sessions (this with JRun) to be returned incorrectly, i.e. the clients were getting the wrong session allowing them to see each others data. I also wrote a bean to do a socket connection to the ASP, but an authentication error occurs because there is no way to respond to the NTLM request the ASP requires. We are not fully integrated with AD so LDAP is not a real option at this point. The goal is not to require the users to enter a new set of credentials to get to the apps. Any ideas out there?
 
Adam Hardy
Ranch Hand
Posts: 567
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
why don't you have the users get to the app thro an ASP page to start with? Sort out the LOGON_USER in the ASP and without any session info to worry about, redirect from there to the JSP.
Adam
 
Geoff Tate
Ranch Hand
Posts: 55
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thats what I was thinking but thats a lot of duplication to have an asp for each app that does the same thing. Incidently, sessions are getting mangled without the redirect. Something is up with JRun - I have found people reporting the same problem on the forum. scary.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic