Java SSO: Kerberos authentication against Active Directory

Question

I\'m still trying to find a Java based solution for SSO (running on *nix), which I can use on JBoss to authorize against an Active Directory/domain controller. I initially t

Answer 1

To do this, you actually need to use LDAP. Luckily for you, Java has solid support for both Kerberos and LDAP. The detailed procedure is at http://java.sun.com/products/jndi/tutorial/ldap/security/gssapi.html .

Overview of steps:

• Authenticate to Kerberos
• Use Kerberos to assume user identity
• Perform GSSAPI bind to Active Directory LDAP server
• Retrieve group list over LDAP

Answer 2

If you want to debug the kerberos, AD configuration on your machine then you can download the application from the following link. https://github.com/shubham49/debugSSO Download the application and deploy it on weblogic server. After deployment open the home page and you will be encounter different tests to debug the configuration.

Answer 3

I started writing an article as I experimented with kerberos and JBoss, the plan is to have a complete guide for beginners to setup and use kerberos with JBoss. I am not saying it's a complete answer but if you ask questions I can try to answer them and add them to the blog.

the article

Answer 4

You can use Waffle. It's free and supports Negotiate, NTLM and Kerberos. You can also check the group list of the user with it.

"WAFFLE - Windows Authentication Functional Framework (Light Edition) is a native C# and Java library that does everything Windows authentication (Negotiate, NTLM and Kerberos)."

Answer 5

We use Jespa to handle NTLM authentication, we've tested on both Tomcat & Glassfish running on Solaris, IE & Firefox are both supported, and apprently Chrome now supports NTLM too. You will need a license for commercial use though, but I'd definately recommend it.