Integrate Windows Authentication spring security

Question

Tried waffle working successfully as needed in windows environment but my application server is hosted on *nix environment.
So waffle solutions doesn't meet my requirement.
Tried kerberos solutions quite difficult to configure as compared to Waffle not able to meet my requirement.

My requirement - When user hit the URL of my web application he/she would get be authenticated by windows authentication or if possible can be able to get the remote user or clientname (windows account name) from request object.

Any suggestion would be helpful .

IMHO you'd need a LDAP/Active Directory [integration](http://docs.spring.io/spring-security/site/docs/3.1.x/reference/ldap.html) — Laur Ivan, Feb 01 '17 at 10:00
@LaurIvan: LDAP authentication is already implemented,but currently what i nedded is to implement the windows authentication where able to login application without entering username/password with current windows logged in username. — Taher Mahodia, Feb 01 '17 at 10:06

score 1 · Answer 1 · answered Feb 02 '17 at 08:01

1

If you only have an plain AD (without ADFS), then the only option is to use SPNEGO (spring-security-kerberos) to get 'auto-login' (SSO) to your app. The UserPrincipalName will be provided in the Kerberos token. When generating the keytab file (for your app/service) be sure to use '/crypto all' and take care about the KeyVersionNumber (as 'ktpass' updates/increments the key version within AD). However the clients must be able to obtain a service ticket for your app (i.e. Windows clients must be part of the domain). Also note that IE may fall back to presenting an NTLM token when the client is not able to obtain a Kerberos service ticket. AD and browser config/behavior are more challenging than the server side.

answered Feb 02 '17 at 08:01

Bernhard Thalmayr

2,674
1
11
7

I am using ADFS done configuration by referring this URL http://incepttechnologies.blogspot.in/p/weblogic.html Authentication is success but getting anonymous user from principal name. – Taher Mahodia Feb 02 '17 at 09:07
Which `UserDetailsService` did you configure for the authentication provider? – Bernhard Thalmayr Feb 03 '17 at 09:58
import org.springframework.security.core.userdetails.UserDetailsService; – Taher Mahodia Feb 03 '17 at 10:05
mind if i ask how to obtain that: "The UserPrincipalName will be provided in the Kerberos token."? – Zdenek S. May 08 '20 at 09:18
1

You may find the following thread interesting ... https://stackoverflow.com/questions/4508555/decrypt-kerberos-ticket-using-spnego – Bernhard Thalmayr May 08 '20 at 10:39
thanks for response but my problem is not how to handle token but i dont know how to get it from user pc via http – Zdenek S. May 08 '20 at 18:58

score 0 · Answer 2 · edited May 23 '17 at 12:24

0

achieve what is needed by using reference link

http://kb.kaminskiengineering.com/node/89
NTLM Authentication in a Web Application (java) other who want to achieve more security can go kerberos-spengo also because spring security stop giving support to the above method which i used.

edited May 23 '17 at 12:24

Community

1
1

answered Feb 09 '17 at 04:23

Taher Mahodia

194
2
13

Integrate Windows Authentication spring security

2 Answers2