5

I want to implement single sign-on on a WebSphere Liberty server using Java. I want to authenticate users using LDAP.

I searched a lot but could not find an exact example. I have checked each available example on Stack Overflow as well, but no luck.

It would be great if someone could provide a demo or example code for the same.

Thanks in advance.

Update: I was able to implement the same with the help of Waffle, but Waffle doesn't work with Linux/Unix. Can anyone please help me?

Andy Guibert
Yaxita Shah
  • 1
    use https://wiki.jasig.org/display/casum/home, easy and reliable – Fran Montero Sep 04 '17 at 10:39
  • Do you want the desktop SSO with Windows AD logins? Then check the SPNEGO authentication. If you just want to have SSO between various apps on Liberty, then it is on by default using LTPA, just connect Liberty to the LDAP registry. You need to clarify a bit what you really need. – Gas Sep 18 '17 at 12:42
  • I am looking for SSO in WebSphere Liberty on a Linux server, and it should be web-based, not a desktop one. Do you have any code for reference? – Yaxita Shah Sep 19 '17 at 04:51
  • It is done by default. If you log in to any secured app, you will be logged in to all other secured apps on that server as well. It is using the LTPA token. You just need to define security constraints in your app in web.xml to protect the app. And of course configure your Liberty server in server.xml to work with LDAP. The authentication code shouldn't be included in the application; it will be done by the server. – Gas Sep 26 '17 at 17:38

3 Answers

4

Waffle doesn't support *nix. You can use JAAS (Java SE 8 only) with the support of Krb5LoginModule, which will let you cache the OS ticket.

dharmendra
1

If you're using LDAP, the authentication can be passed off like Basic. If you know the username and password, append the header "Authorization" with the value "Basic base64_token".

The base64 token is a string that is base64 encoded with your username and password in the format username:password. Ideally, this should work. Let me know if it doesn't work. In that case, we can explore options using SPNEGO.

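Code for LDAP in Java:

    import java.net.HttpURLConnection;
    import java.net.URL;
    import java.nio.charset.StandardCharsets;
    import java.util.Base64;

    public class Main
    {
      public static void main(String[] args) throws Exception
      {
        // Replace username and password with your username and password
        String username = "username";
        String password = "password";
        // Placeholder URL; Basic credentials are only base64-encoded, so use https
        URL endpoint = new URL("https://example.com/app");

        String token = Base64.getEncoder().encodeToString(
            (username + ":" + password).getBytes(StandardCharsets.UTF_8));
        HttpURLConnection conn = (HttpURLConnection) endpoint.openConnection();

        // Set the necessary header fields, which in this case is Basic
        conn.addRequestProperty("Authorization", "Basic " + token);

        // Continue to do what you want to do after this. This should authenticate
        // you to the server
      }
    }
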
ayrusme
  • What does this code have in connection with SSO or with web applications? Just shows how to add basic auth header to the request. – Gas Sep 26 '17 at 17:43
  • The question specifically asks how to authenticate to an LDAP service with Java. I've worked with and succeeded in communicating with an LDAP service by passing the authentication details as Basic. This should work. I'm waiting for OP's response. – ayrusme Sep 27 '17 at 05:14
0

Specifically for Windows, single sign-on can be done by using Waffle.

For LDAP authentication you can go from Spring MVC to a simple Java class with the lines of code below:

    // Imports needed by this snippet:
    // java.util.Hashtable, javax.naming.Context,
    // javax.naming.directory.DirContext, javax.naming.directory.InitialDirContext

    String username = login.getUsername();// "ancb";
    String password = login.getPassword();// "*****";
    String base = "OU=******,DC=InfoDir,DC=DEV,DC=****";
    String dn = "CN=" + username + "," + base;
    String ldapURL = "ldaps://****.systems.**.****:3269";

    // Setup environment for authenticating
    Hashtable<String, String> environment = new Hashtable<String, String>();
    environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    environment.put(Context.PROVIDER_URL, ldapURL);
    environment.put(Context.SECURITY_AUTHENTICATION, "simple");
    environment.put(Context.SECURITY_PRINCIPAL, dn);
    environment.put(Context.SECURITY_CREDENTIALS, password);

    String dynamicLdapaccount = "(CN=" + username + ")";

    // The bind happens here; a NamingException is thrown if it fails
    DirContext authContext = new InitialDirContext(environment);

For single sign-on:

You need to set up Kerberos and SPNEGO configuration at the server level. For the Liberty server, its server.xml needs modification.

Sandeep Jain