Single sign using windows credentials

 
Greenhorn
Posts: 4
Hi,

I have a requirement to use Windows credentials for logging in to my JSP/servlet-based web application instead of the user passwords that I store in the database.
I understand that some kind of interface is required which would pick up the login credentials from Windows, but I am not sure how to go about it.

Looking forward to inputs for the same.

Cheers
-Aj
 
Rancher
Posts: 43081
I don't think it's possible for a browser to pick up the client Windows username and password - that would be a security violation. But you can use that username and password for authentication once the user has entered those into your login page. The details differ from server to server; Tomcat has the JNDIRealm, which can authenticate against Windows Active Directory.
 
Ranch Hand
Posts: 188
It won't pick up the password from the client, but the single sign-on functionality is possible if users are using Internet Explorer and you have IIS as a reverse proxy by using Integrated Windows Authentication.

I would recommend searching Google for Kerberos and JAAS.


Regards
Jason
 
Ranch Hand
Posts: 18944
I'm not sure I understand your problem. I see 2 possibilities:
1) You want to have a popup in which the user can enter the NT username and password (in this case set up an LDAP realm based on Active Directory).

2) You want a silent logon! You are in an intranet and you want the user to be automatically authenticated. In this case you can use an implementation of NTLM or Kerberos. Or, which is my personal choice, trust Microsoft. Here is how: you set up IIS to force authentication and you create a virtual directory that is based on an ISAPI filter (they exist for most application servers; I know them for Tomcat, JBoss, Oracle OAS...). This ISAPI filter will work like a proxy and forward a request to your application server, but if you try request.getRemoteUser() you will receive the NT username.


I don't know what you need; I hope it helps!
 
Aj Chawla
Greenhorn
Posts: 4
Hi,

Thanks Ulf and Jason. I'll explore more on the options that you have given.
Benjamin, here is my exact requirement:
1. A web application (JSP/servlet based) is to be used by Windows users in an intranet.
2. Some of the Windows users (in the intranet) should be able to log in to the web application directly (no login screen) when they access the application.
3. The rest of the users, when they try to log in, should be prompted for a user/password via a login screen.

Thanks
-Aj
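
One way to meet the three requirements above with the `request.getRemoteUser()` approach described earlier in the thread, as an added example that is not code from any poster: a servlet filter that logs in listed Windows users silently and sends everyone else to a login form. It assumes the `javax.servlet` API; the allow-list, login page path and session attribute name are hypothetical.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.*;

public class WindowsSsoFilter implements Filter {
    // Constructed allow-list; a real application would load it from its user store.
    private static final Set<String> SSO_USERS =
            new HashSet<String>(Arrays.asList("alice", "bob"));
    private static final String LOGIN_PAGE = "/login.jsp";  // hypothetical; form posts to itself
    private static final String SESSION_USER = "appUser";   // hypothetical attribute name

    /** Reduce DOMAIN\\user or user@REALM to a bare lower-case account name. */
    static String accountName(String remoteUser) {
        if (remoteUser == null) return null;
        String name = remoteUser.trim();
        int slash = name.lastIndexOf('\\');
        if (slash >= 0) name = name.substring(slash + 1);
        int at = name.indexOf('@');
        if (at >= 0) name = name.substring(0, at);
        return name.isEmpty() ? null : name.toLowerCase(Locale.ROOT);
    }

    public void init(FilterConfig config) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String path = req.getRequestURI().substring(req.getContextPath().length());
        HttpSession session = req.getSession(false);

        if (session == null || session.getAttribute(SESSION_USER) == null) {
            // Set by the front end (IIS + ISAPI filter) after Integrated Windows Authentication.
            String user = accountName(req.getRemoteUser());
            if (user != null && SSO_USERS.contains(user)) {
                if (session != null) session.invalidate();  // fresh session id on login
                req.getSession(true).setAttribute(SESSION_USER, user);  // requirement 2
            } else if (!path.equals(LOGIN_PAGE)) {
                res.sendRedirect(req.getContextPath() + LOGIN_PAGE);    // requirement 3
                return;
            }
        }
        chain.doFilter(rq, rs);
    }
}
```

The value of `getRemoteUser()` is only as trustworthy as the path it arrived on, so the Tomcat connector should accept connections only from the IIS host. With the AJP connector, Tomcat propagates the web server's authenticated user only when the connector is configured with `tomcatAuthentication="false"`.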
 
Greenhorn
Posts: 1
Wait just one minute. I have the exact same requirement and nearly the very same environment you mentioned.

I have an IIS6 server with an ISAPI filter directing all requests to a Tomcat 5.5 server.

I implemented Windows Integrated Authentication, and my test servlet that looked for getAuthType(), getRemoteUser() and getUserPrincipal() always returns null.

I am successfully using the Tagish JAAS module to manually authenticate form-collected usernames/passwords, but when I implement a JAASRealm for the application, it is not picking up the username/password from the client (MSIE7). I continue to get null for the above-mentioned servlet methods.

I am also a SharePoint admin here and I am trying to produce a similar login scheme as that with Tomcat. I want my web server, namely Tomcat 5.5 directly or via IIS6, to pick up the client credentials when the client makes the initial request and simply identify (not necessarily authenticate) the user. I just need the username.

Help!
 