Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Can silent login be achieved?

 
Kelly Dolan
Ranch Hand
Posts: 109
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a JBoss web application that currently uses FORM-based authentication to request a userid/password from a user and once submitted, a custom login module contacts a custom security service to authenticate the user. This works perfectly.

I now want to change this scenario to be able to auto-detect the userid/password with which the user logged into his Windows workstation, pass this information along with the initial HTTP request, have the custom login module contact the custom security service and authenticate the user. In the case the credentials are not valid, display the "denied" version of the form and let the user enter a different userid/password.

I have been researching this, read many articles about windows integration authentication and tried to prototype something that works. I have applied changes to IE as the articles describe but I bypass the instructions for configuring the server to use login modules that authenticate the credentials with Windows itself because this is not what I need to do. Unfortunately, I have yet to get my scenario to work.

Has anyone ever tried to do this? Does anyone know if it is even possible? All thoughts, suggestions, etc. are greatly appreciated.

Kelly
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This blog entry talks about using the Windows Login for web apps, and indicates that it is possible without too much work.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic