Win a copy of Svelte and Sapper in Action this week in the JavaScript forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Bear Bibeault
  • Junilu Lacar
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • salvin francis
  • Frits Walraven
Bartenders:
  • Scott Selikoff
  • Piet Souris
  • Carey Brown

SSO from JSP to IIS

 
Greenhorn
Posts: 24
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I am trying to implement a simple Single Sign-on solution and have been having pretty hard time getting it to work! I am wondering if you would be able to help me out..
The description of the problem and the attempts I made are presented below.
We have a web app that is restricted and hosted on IIS (windows 2000) server.
Now, I have a JSP that has the following link:
<a href="http://mysite.com/securePage.html">; Secure Page </a>
When the users click on it, they need to be able to access the Secure Page without being prompted for windows challenge (uid/pwd) window. mysite.com is configured to accept both 'BASIC' and 'Intergrated Windows Authentication'.
In the JSP, I know the username, password and domain. Somehow, I need to pass this authentication info to IIS, so that it does not prompt for uid/pwd pop-up.

Some of the approaches tried:
1) <form name="postForm" action="http://username assword@mysite.com" method="post" target="_blank" >
</form>
<a href="javascript ocument.postForm.submit()"> Secure Page </a>
This thows an HTTP 405 (page expired) error. Even trying to access www.yahoo.com gives 405 error. Even if this worked, the uid and pwd will be visible in the browser and so, it is not acceptable.
2) Tried setting HTTP headers (appropriately Base64 encoded) but that did not work either. Here, I am not sure if I am soing the right stuff. Tried using the WWW-Authenticate and Authenticate headers.
3) The following link that has a good thread, but it does not address my prob. It is related, but not of direct help.
http://www.jguru.com/forums/view.jsp?EID=393110
Any leads that you could provide, would be of HUGE help. This has been giving me sleepless nights for a week! It shouldn't be that hard to accomplish this. Not sure where am I doing it wrong.
Thanks,
Anant
 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
did you make any progress or got any leads into this ?
have you thought about JAAS ? this extension is available natively in 1.4 (not in 1.2)
i am also starting out with jaas and found this to be a good example to implement.....

Originally posted by Anant Kadiyala:
Hi,
I am trying to implement a simple Single Sign-on solution and have been having pretty hard time getting it to work! I am wondering if you would be able to help me out..
The description of the problem and the attempts I made are presented below.
We have a web app that is restricted and hosted on IIS (windows 2000) server.
Now, I have a JSP that has the following link:
<a href="http://mysite.com/securePage.html">; Secure Page </a>
When the users click on it, they need to be able to access the Secure Page without being prompted for windows challenge (uid/pwd) window. mysite.com is configured to accept both 'BASIC' and 'Intergrated Windows Authentication'.
In the JSP, I know the username, password and domain. Somehow, I need to pass this authentication info to IIS, so that it does not prompt for uid/pwd pop-up.

Some of the approaches tried:
1) <form name="postForm" action="http://username assword@mysite.com" method="post" target="_blank" >
</form>
<a href="javascript ocument.postForm.submit()"> Secure Page </a>
This thows an HTTP 405 (page expired) error. Even trying to access www.yahoo.com gives 405 error. Even if this worked, the uid and pwd will be visible in the browser and so, it is not acceptable.
2) Tried setting HTTP headers (appropriately Base64 encoded) but that did not work either. Here, I am not sure if I am soing the right stuff. Tried using the WWW-Authenticate and Authenticate headers.
3) The following link that has a good thread, but it does not address my prob. It is related, but not of direct help.
http://www.jguru.com/forums/view.jsp?EID=393110
Any leads that you could provide, would be of HUGE help. This has been giving me sleepless nights for a week! It shouldn't be that hard to accomplish this. Not sure where am I doing it wrong.
Thanks,
Anant

 
Consider Paul's rocket mass heater.
    Bookmark Topic Watch Topic
  • New Topic