23 Replies Latest reply: Feb 4, 2010 9:19 AM by 843810

    SSO Web Authentication against Active Directory - AD

    843810
      Hi, everybody!

      I've read a lot about authentication in other forums. I got a lot of pieces of information but didn't find how to get them together in a working solution.
      I read that there are some kinds of authentication available, like Kerberos, SPNEGO, NTLM and so on. Well, I know it's boring to ask that, but I would like someone who has implemented a Web Authentication solution that is working well to help me to implement mine. Maybe a summary of how they work in the real world would help a lot.

      My current solution is using an NTLM implementation, but the user is prompted for the username and password on Firefox, and on IE (because of a browser configuration) it sends the user's local credentials. If the user changes the configuration on IE he can send whatever he wants. The fact is that I need to authenticate the user against my local domain (i.e. my AD) - it'll be an intranet web application.

      In an offline mock application I could get it done by using Kerberos, but I needed to provide the user password. However, in a web environment, I know I can't just get the logged user's password. So, maybe the solution should be implemented on the server instead of the application. I don't really know! This is the point, the information I got until now didn't lead me any further...

      If you have a working solution, please... tell me all steps necessary to get it working here!

      My environment is Java 5 and JBoss 4.0.5 running on MS Windows 2000. The AD is on a Windows 2003 Server machine.

      Any help will be welcome...

      Thanks in advance!
      Marcio Lima
        • 1. Re: SSO Web Authentication against Active Directory - AD
          843810
          Hi, everybody!

          I did a deep search this afternoon and found a jCIFS example which solved my problem, except for the fact that it is an "application based solution" and I need a "server based solution". I mean, I need a solution that is managed by the application server, instead of the application itself. jCIFS works with a <filter> that intercepts all requests to perform the authentication. In the filter params you configure the AD server and your DOMAIN and it does the dirty job for you.

          If you have suggestions about a "server based solution", this post will stay open.

          If any of you want my example of the jCIFS implementation, feel free to ask me and provide your email.

          Thanks, anyway!

          Marcio Lima
          • 2. Re: SSO Web Authentication against Active Directory - AD
            843810
            I got some code, execution of which is giving the user name, domain name and the machine name. But the problem is: I'm not getting how to extract the password from the message. I'm posting the entire code.


            <%
            String auth = request.getHeader("Authorization");
            if (auth == null)
            {
                // No Authorization header yet: ask the browser to start NTLM
                response.setStatus(response.SC_UNAUTHORIZED);
                response.setHeader("WWW-Authenticate", "NTLM");
                response.flushBuffer();
                return;
            }
            if (auth.startsWith("NTLM "))
            {
                byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
                int off = 0, length, offset;
                if (msg[8] == 1)
                {
                    // Type 1 (negotiate) received: answer with a hard-coded Type 2 (challenge)
                    byte z = 0;
                    byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P',
                        z, (byte)2, z, z, z, z, z, z, z, (byte)40, z, z, z,
                        (byte)1, (byte)130, z, z, z, (byte)2, (byte)2,
                        (byte)2, z, z, z, z, z, z, z, z, z, z, z, z};
                    // encodeBuffer() appends a line break, which must not end up in a header value
                    response.setHeader("WWW-Authenticate", "NTLM " +
                        new sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());
                    response.sendError(response.SC_UNAUTHORIZED);
                    return;
                }
                else if (msg[8] == 3)
                {
                    // Type 3 (authenticate): read the workstation, domain and user name buffers.
                    // Bytes are masked with 0xFF because Java bytes are signed.
                    off = 30;

                    length = (msg[off+17] & 0xFF)*256 + (msg[off+16] & 0xFF);
                    offset = (msg[off+19] & 0xFF)*256 + (msg[off+18] & 0xFF);
                    String remoteHost = new String(msg, offset, length);

                    length = (msg[off+1] & 0xFF)*256 + (msg[off] & 0xFF);
                    offset = (msg[off+3] & 0xFF)*256 + (msg[off+2] & 0xFF);
                    String domain = new String(msg, offset, length);

                    length = (msg[off+9] & 0xFF)*256 + (msg[off+8] & 0xFF);
                    offset = (msg[off+11] & 0xFF)*256 + (msg[off+10] & 0xFF);
                    String username = new String(msg, offset, length);

                    out.println("Username:" + username + "<BR>");
                    out.println("RemoteHost:" + remoteHost + "<BR>");
                    out.println("Domain:" + domain + "<BR>");
                }
            }
            %>

            Thanks and regards.

            Edited by: User123456 on Apr 8, 2008 6:16 AM
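
An added example, not code from this thread: a bounds-checked parser for the NTLM Type 3 message that the JSP above reads, going a little further by also reporting the LM and NT response lengths. Those challenge responses, not a password, are what the message carries, and the name fields remain client-supplied until the responses are verified against the domain. The class name, the constructed sample message and the US-ASCII stand-in for the OEM code page are assumptions; it needs Java 8 or later.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class NtlmType3Fields {
    static final byte[] SIG = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};
    // One security buffer: u16 length, u16 max length, u32 offset (little-endian, unsigned).
    static byte[] field(ByteBuffer m, int at) {
        int len = m.getShort(at) & 0xFFFF;
        long off = m.getInt(at + 4) & 0xFFFFFFFFL;
        if (off + len > m.limit()) throw new IllegalArgumentException("field outside message");
        return Arrays.copyOfRange(m.array(), (int) off, (int) off + len);
    }

    // Returns {domain, user, workstation, LM response length, NT response length}.
    static String[] parse(String header) {
        if (!header.startsWith("NTLM ")) throw new IllegalArgumentException("not NTLM");
        byte[] raw = Base64.getDecoder().decode(header.substring(5).trim());
        if (raw.length < 64 || !Arrays.equals(Arrays.copyOf(raw, 8), SIG))
            throw new IllegalArgumentException("not an NTLMSSP message with a flags field");
        ByteBuffer m = ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN);
        if (m.getInt(8) != 3) throw new IllegalArgumentException("not a Type 3 message");
        // Flag bit 0x1 = Unicode strings (UTF-16LE); otherwise OEM, approximated here as US-ASCII.
        Charset cs = (m.getInt(60) & 0x1) != 0 ? StandardCharsets.UTF_16LE : StandardCharsets.US_ASCII;
        return new String[] {
            new String(field(m, 28), cs), new String(field(m, 36), cs), new String(field(m, 44), cs),
            String.valueOf(field(m, 12).length), String.valueOf(field(m, 20).length)};
    }

    public static void main(String[] args) {
        // Constructed sample: domain MYDOMAIN, user jdoe, host WS01, zero-filled 24-byte responses.
        byte[][] parts = {new byte[24], new byte[24], "MYDOMAIN".getBytes(StandardCharsets.UTF_16LE),
            "jdoe".getBytes(StandardCharsets.UTF_16LE), "WS01".getBytes(StandardCharsets.UTF_16LE)};
        ByteBuffer b = ByteBuffer.allocate(144).order(ByteOrder.LITTLE_ENDIAN);
        b.put(SIG).putInt(3);
        int off = 64;
        for (byte[] p : parts) {
            b.putShort((short) p.length).putShort((short) p.length).putInt(off);
            off += p.length;
        }
        b.putInt(60, 0x00008201); // same flag bytes as the Type 2 message in the JSP above
        b.position(64);
        for (byte[] p : parts) b.put(p);
        String[] f = parse("NTLM " + Base64.getEncoder().encodeToString(b.array()));
        System.out.println(String.join(" | ", f));
    }
}
```
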
            • 3. Re: SSO Web Authentication against Active Directory - AD
              843810
              Hi,

              I have a requirement wherein the user will log into their Windows workstation and they will open my Web App (deployed in JBoss AS).
              Now my web app should get only the username/userid of the logged-in user from ActiveDirectoryServer.

              If you can provide me some details like below in order to get the above task done,

              1. What are jCIFS jar files needed and where to be placed in my app package
              2. What are the XML files to be modified on this regard (like, web.xml, jboss-web.xml, etc)
              3. And finally what are the changes to be made in the above XML files and jsp files
              4. Does the JBoss AS need to run only on Windows, or can it run on Linux/Unix, to get the user info from ActiveDirectoryServer?

              It would be great if you can give me the information. I will be really thankful for your help!!

              If you think you would want to send to my mail, please send to: hellogrp@rediffmail.com

              Regards,
              Bakar
              • 4. Re: SSO Web Authentication against Active Directory - AD
                843810
                Hi mferlan,

                I have a requirement wherein the user will log into their Windows workstation and they will open my Web App (deployed in JBoss AS).
                Now my web app should get only the username/userid of the logged-in user from ActiveDirectoryServer.

                If you can provide me some details like below in order to get the above task done,

                1. What are jCIFS jar files needed and where to be placed in my app package
                2. What are the XML files to be modified on this regard (like, web.xml, jboss-web.xml, etc)
                3. And finally what are the changes to be made in the above XML files and jsp files
                4. Does the JBoss AS need to run only on Windows, or can it run on Linux/Unix, to get the user info from ActiveDirectoryServer?

                It would be great if you can give me the information. I will be really thankful for your help!!

                If you think you would want to send to my mail, please send to: hellogrp@rediffmail.com

                Regards,
                Bakar
                • 5. Re: SSO Web Authentication against Active Directory - AD
                  843810
                  Hi, everybody...

                  I have a working example using jCIFS I would like to attach here for any of you who need it, but it isn't possible.

                  I'm posting my code below. If you can't get it to work, I can send it to you by email.

                  Here follow the steps to get it working. It's quite simple.

                  1) Place the jcifs-1.2.18.jar in your lib directory. Ex: WEB-INF/lib/jcifs-1.2.18.jar
                  2) Set up the jcifs filter in the web.xml file as below:
                  <?xml version="1.0" encoding="UTF-8"?>
                  <web-app id="WebApp_ID" version="2.4"
                       xmlns="http://java.sun.com/xml/ns/j2ee"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                       xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
                  
                       <display-name>AD Authentication</display-name>
                       <filter>
                            <filter-name>NtlmHttpFilter</filter-name>
                            <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
                            <init-param>
                                 <param-name>jcifs.netbios.wins</param-name>
                                 <!-- here goes the AD server name or IP -->
                                 <param-value>adserver</param-value><!-- 123.45.67.89 -->
                            </init-param>
                            <init-param>
                                 <param-name>jcifs.smb.client.domain</param-name>
                                 <!-- here goes your DOMAIN name -->
                                 <param-value>MYDOMAIN</param-value>
                            </init-param>
                       </filter>
                       <filter-mapping>
                            <filter-name>NtlmHttpFilter</filter-name>
                            <url-pattern>/*</url-pattern>
                       </filter-mapping>
                  
                       <welcome-file-list>
                            <welcome-file>index.jsp</welcome-file>
                       </welcome-file-list>
                  </web-app>
                  That's all!

                  In order to test it, you can build a JSP page as below:
                  <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
                  <html>
                  <head>
                  <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
                  <title>AD Authentication Test</title>
                  </head>
                  <body>
                       <font face="verdana">
                            <h2>AD Authentication Test</h2>
                            <%
                                 String userInfo = request.getUserPrincipal().getName();
                                 String[] pieces = userInfo.split("\\\\"); // Firefox sends DOMAIN\USERNAME as UserPrincipal
                                 String username = pieces[pieces.length -1];
                            %>
                            ... and the Oscar goes to: <b><%=username%></b> <br /><br />
                       </font>
                  </body>
                  </html>
                  Again, if you want the war file, I can send it to you.

                  Have a great day!

                  Regards.

                  Marcio Lima
                  • 6. Re: SSO Web Authentication against Active Directory - AD
                    843810
                    I'm closing this topic, but I'm available to clear any doubt you may have.

                    Regards.
                    Marcio Lima
                    • 7. Re: SSO Web Authentication against Active Directory - AD
                      843810
                      Really Great!! Thanks a lot Marcio !!

                      It would be really helpful if you could send the war file and the src (if possible/permissible) to my personal mail: hellogrp@rediffmail.com

                      ------
                      Cheers,
                      Bakar
                      • 8. Re: SSO Web Authentication against Active Directory - AD
                        843810
                        Thank you Marcio!

                        Would you please email your war and src as well, to jirvine@radianse.com?

                        Thank you in advance, it's greatly appreciated!
                        • 9. Re: SSO Web Authentication against Active Directory - AD
                          843810
                          Sorry, I put an old email address; the correct one is: joyce.irvine@radianse.com

                          Thanks again!
                          • 10. Re: SSO Web Authentication against Active Directory - AD
                            843810
                            Hello Marcio!

                            Could you please email me your war and src as well?
                            timo.adamek@poet.de

                            Thanks in advance!

                            Timo
                            • 11. Re: SSO Web Authentication against Active Directory - AD
                              843810
                              Hi,

                              I want to use Windows authentication for a Java application, for example:

                              I have an application called example.com, and now I want to apply Windows authentication to this example.com application, so that when the user hits the application URL the user is logged in automatically without being prompted for any user name and password (because he is already a Windows-authenticated user). Can anyone help me to solve this?

                              Could you send me the example of the JCIFS implementation?

                              Thanks & Regards,
                              Vamsi.
                              • 12. Re: SSO Web Authentication against Active Directory - AD
                                843810
                                Marcio,
                                Are you Brazilian?
                                If so, I'd be glad to write in Portuguese!!
                                I want a war file for jCIFS... can you mail me?
                                edesiomorais@gmail.com
                                • 13. Re: SSO Web Authentication against Active Directory - AD
                                  gaurav_jain
                                  Hi Marcio,

                                  Can you please send me the war file at biet.gaurav@gmail.com.
                                  It is really urgent.

                                  Thanks
                                  Gaurav Jain
                                  • 14. Re: SSO Web Authentication against Active Directory - AD
                                    gaurav_jain
                                    Hi,

                                    I have tried the code given in the post.
                                    But the problem is that it gives me NullPointerException when I run it on IE.

                                    Also, can anybody tell me whether it displays the username authenticated on Windows or on the browser? Because when I run it on Firefox it shows me the username authenticated on the browser.

                                    Any idea...

                                    Thanks
                                    Gaurav Jain