Is there an apache module that implements Kerberos authentication for use by Tomcat and also supports Kerberos delegation? I've already looked at mod_spnego and it throws away the SSPI context it creates only keeping the principal name. Instead, I'm looking for a module that would allow for the delegation of the ticket sent to Tomcat -...
The two WWW-Authenticate additions Microsoft makes use of that I am currently aware of are NTLM Negotiate If Negotiate is sent down from the server, based on a set of conditions Kerberos will be used Intranet Zone Accessing the server using a Hostname rather then IP Integrated Windows Authentication in IE is enabled, the host is tr...
I have an application that is served using jetty 6.1.12 from serverA. serverA is kerberized using the spnego filter and runs fine when I run it from the browser. I am now trying to access a different site (serverB) from one of the classes in the serverA. This new site uses the same authentication scheme i.e., if user can see pages on ser...
I'm attempting to implement a simple Single Sign On scenario where some of the participating servers will be windows (IIS) boxes. It looks like SPNEGO is a reasonable path for this. Here's the scenario: User logs in to my SSO service using his username and password. I authenticate him using some mechanism. At some later time the user ...
I was building an Active Directory Single Sign-On authentication system for Java web applications (using SPNEGO/Kerberos), and everything works fine with either Firefox or (reportedly) Safari, but Internet Explorer causes an exception: GSSException: Channel binding mismatch (Mechanism level: ChannelBinding not provided!) In fact, I th...
I need to offer SSO for Windows users in a Seam web application. In our previous project (non-Seam) we used a modified jcifs NTLM filter to handle this, but the solution is crappy, cannot support NTLMv2 and is not supported by jcifs anymore. JBossNegotiation seems to offer SPNEGO support for JBoss, but I couldn't find any information on...
Hi I've been working on a project which uses SPNEGO to have Single Sign On for a Java based webapp. At the moment, it is working successfully with Jetty + SPNEGO and Active Directory so if you visit my test page, it can output the auth_user as well as the Negotiate token if the browser has been configured properly. The next step of th...
Hi Configure Integrated Authentication in a java web server (Apache)so that authenticated users can access sharepoint services without prompting for credentials. folllowed spnego doc. still seeing the credentials pop up. the server warning: NTLM downgraded to basic. try to cahnge the spnego.auth.basic = false, but the server is failin...