
We would like to implement the following logon mechanism to authenticate users against AD between Java and .NET applications hosted in different application containers.

Our server setup is:

  • One Linux web server with Tomcat on it - this is where our Java apps reside

  • One Windows web server with IIS on it - this is where the legacy .NET apps reside. [Authentication can be done via Windows Integrated Authentication - we don't want to change this unless there is no other way]

  • One domain controller - Windows 2008

Our aim is to implement an authentication mechanism where any user can log in through a form with AD [Active Directory] credentials on our login page, which is hosted on either .NET or Java. After authentication has completed successfully, the user should be able to browse pages without being asked for his/her credentials again.

The reason we need this is that we have a couple of .NET apps which are designed to use integrated authentication with IIS, and we are designing new Java interfaces where we would like to centralize authentication with a login form where the user can log in against AD and switch between the .NET and Java apps while the authentication is still valid (until it expires, etc.).

I have heard about the SPNEGO project but I am not sure what kind of setup we need to implement the above scenario.

It would be nice if we needed no modification to the .NET site setup, since we don't want to maintain those apps anymore. All help is welcome and greatly appreciated.

Thanks in advance,

ED

  • I might be wrong, but I think SPNEGO is mainly a way to get the "native" OS credentials in your browser. That is, if a user is using Windows and is logged into Windows over AD, your webapp can check that *without* having to use a login form. (There might be a way to do what you're describing, but I don't think it's using SPNEGO.) – millimoose Jun 15 '12 at 21:15
  • Did you see this? http://stackoverflow.com/questions/390150/authenticating-against-active-directory-with-java-on-linux It is one thing to log in from Java via LDAP, but if IIS is set up for Windows Authentication that is kind of automatic, so I don't know how you would hook into that credential. – paparazzo Jun 15 '12 at 21:29
  • Thanks for the feedback but it is still not what I am looking for – programmersmurf Jun 19 '12 at 17:51
  • Have you considered creating an authentication service using something like Redis (http://redis.io/)? If the user is not already authenticated for your group of services/applications, then the user is forwarded to the login page of the authentication service. The authentication application is solely responsible for gathering login information and storing that in the Redis database for other services to access. This would hopefully mean minimal modifications to your .NET code for storing/accessing authentication, and a single API could be created to be included in each of your Java services. – Pytry Dec 12 '14 at 16:48
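As an added illustration of the shared-session approach sketched in the last comment (example code written for this page, not from the question or any commenter): one login service verifies the AD credentials once, issues an opaque random session token with a TTL, and every other application (a Tomcat filter, an IIS HttpModule) only has to look the token up in the shared store. Assumptions: an in-memory dict stands in for Redis (the calls mirror SETEX/GET/DEL), `verify_ad_credentials` is a constructed stub standing in for an LDAP bind against the domain controller, and `.example.internal` is a made-up parent domain shared by both web servers. Only the token and the principal are stored, never the user's AD password.

```python
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

SESSION_TTL_SECONDS = 8 * 3600  # assumed session lifetime

# Stand-in for Redis: token -> (principal, expiry epoch seconds).
# In production this is a Redis SETEX with the same TTL.
_store: Dict[str, Tuple[str, float]] = {}

# Constructed stand-in for the directory; a real deployment would do an
# LDAP simple bind against the domain controller with these credentials.
_FAKE_DIRECTORY = {"alice": "correct horse", "bob": "hunter2"}


def verify_ad_credentials(username: str, password: str) -> bool:
    """Return True only if username/password are accepted by the (stub) directory."""
    expected = _FAKE_DIRECTORY.get(username)
    if expected is None:
        # Compare anyway so unknown users take roughly the same time as bad passwords.
        hmac.compare_digest(password.encode(), b"x" * len(password.encode()))
        return False
    return hmac.compare_digest(expected.encode(), password.encode())


def login(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """Authenticate once; on success mint an opaque token and store it with a TTL."""
    now = time.time() if now is None else now
    if not verify_ad_credentials(username, password):
        return None
    token = secrets.token_urlsafe(32)          # 256 bits of randomness, unguessable
    _store[token] = (username, now + SESSION_TTL_SECONDS)  # like SETEX token ttl user
    return token


def principal_for(token: str, now: Optional[float] = None) -> Optional[str]:
    """What every other app calls per request: map cookie token -> user, or None."""
    now = time.time() if now is None else now
    entry = _store.get(token)
    if entry is None:
        return None
    user, expiry = entry
    if now >= expiry:                          # Redis would have expired it already
        _store.pop(token, None)
        return None
    return user


def logout(token: str) -> None:
    """Server-side invalidation so a stolen cookie stops working (like DEL)."""
    _store.pop(token, None)


def cookie_header(token: str) -> str:
    """Cookie both hosts can read: scoped to the shared parent domain (assumed),
    HttpOnly so page scripts cannot steal it, Secure so it only travels over TLS,
    SameSite=Lax to blunt cross-site request forgery."""
    return (f"Set-Cookie: sso_session={token}; Domain=.example.internal; "
            "Path=/; HttpOnly; Secure; SameSite=Lax")


if __name__ == "__main__":
    tok = login("alice", "correct horse")
    print(cookie_header(tok))
    print("request as:", principal_for(tok))
    logout(tok)
    print("after logout:", principal_for(tok))
```

The design choice worth noting against the comment's wording "storing login information": the store holds a session record, not the credentials, so a compromised Redis yields only time-limited tokens that `logout` can revoke. The .NET side still needs at least a small HttpModule to honour the token, as the comment itself concedes; Windows Integrated Authentication on IIS does not consult an external store.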

0 Answers