Filter with "HTTP Negotiate "/SPNEGO/Kerberos against Active Directory with LDAP 2006-12-15 - By Morten Mortensen
Back
Regarding "HTTP Negotiate",
- I am on the lookout for people interested in SSO from a browser to
Tomcat and against a Windows Domain Controller/Active Directory through
LDAP with the purpose of creating a stand-alone servlet filter.
Configuration on network:
1) Active Directory (Windows Domain Controller) accessible through
LDAP on network #1.
2) Client browsers (IE, Firefox) on Windows machines on network #1
logged in to the domain controller in 1).
3) Web application running on Tomcat on network #2 with only i) HTTP
access from network #1->#2 and with ii) LDAP access from network #2->#1.
Until now, I have been unable to find any simple, open source
implementations of such a filter. I have noticed the old jCIFS-Ext work
on SourceForge, the improvements made by the Jboss project and the
inclusion of SPNEGO in the new Java 6 JSE.
Until now, I can make my browser activate a "HTTP Negotiate" with the
mechanisms Microsoft Kerberos 5/Kerberos 5/NTLM and handle the headers
themselves in a prototype servlet filter on my 3) Tomcat server.
I am also able to access the Active Directory in 1) through LDAP and the
GSS-API using Kerberos - with a standalone test-program and of course
written in Java.
I am not interested in NTLM SSO and no valves. I am interested in a
standalone filter handling SSO by using HTTP Negotiate with
SPNEGO+Kerberos and verifying tickets by LDAP handshake. With source
code, that is. My target is Java 6 + Tomcat 5.5+.
Has anyone done this? Where to find this filter?
Regards
Morten Sabroe Mortensen
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)
|
|
