8

I have a feeling I've stumbled into a technical black hole. There have been many questions and not many (recent) answers out there.

Short summary:

I have a Windows environment operating with a domain controller and Active Directory implementation (soon to be operating with Quest's Authentication Services). I have a series of Spring-based web applications I want to deploy to this environment and we need them to operate seamlessly with Single Sign-On using the domain credentials.

It looked like the answer was this:

http://blog.springsource.org/2009/09/28/spring-security-kerberos/

I was informed by some of the local AD admins that ktpass, though, was an unsafe (principals and keys stored in a plain-text file) and outdated solution. Given the blog linked above is 3 years old, it was tough to argue.

Then I came across this:

http://forum.springsource.org/showthread.php?134465-JDK-7-0-and-Spnego-Extension-don-t-work!

Posted just a week or so ago, it looks like recent efforts to integrate SPNEGO extensions have shown that it's incompatible with JDK 7 and no longer supported!

It seems like this would be a common thing for people to want to do. I'm surprised that, with a framework as widespread as Spring, there's not a simple way to achieve this. Is there another approach I haven't found in the documentation?

Thanks for any insights or suggestions.

Raevik
  • Why don't you look at the LDAP provider from spring security as given in this thread http://stackoverflow.com/questions/84680/how-do-you-authenticate-against-an-active-directory-server-using-spring-security and spring documentation http://static.springsource.org/spring-security/site/docs/3.1.x/reference/ldap.html – Arun P Johny Feb 07 '13 at 03:52
  • Did you find a solution to this? I am facing exactly the same requirement – Lawrence Tierney Jul 31 '13 at 13:24

1 Answer

5

Check out WAFFLE.

WAFFLE is a native Windows Authentication Framework consisting of two C# and Java libraries that perform functions related to Windows authentication, supporting Negotiate, NTLM and Kerberos. Waffle also includes libraries that enable drop-in Windows Single Sign On for popular Java web servers, when running on Windows.

It has a tutorial for using it with Spring Security.

falsarella
sourcedelica
  • Keep in mind the words here ".. when running on Windows.." - WAFFLE depends on native Windows libraries on the box your webapp may be running on, so will fail at runtime on *non* Wintel servers. It may seem obvious but it caught me out. It worked fine on my Win7 dev environment but bombed when deployed to our Linux VMs. Doh. – David Victor Sep 26 '14 at 06:55