3

I want to automatically authenticate 'active directory users', who are logged in to their Windows, in my applications. In short, I want SSO for my applications using Windows credentials. **Client is React and back-end is Java 8 and Spring 4.1.2 and Spring Security is 3.2.5.**

I already authenticate and search 'active directory users' in my applications using Spring LDAP 3.2.5, but users must submit their username and password when they use the browser.

I have read about 'Integrated Windows Authentication' (IWA), 'Kerberos' and 'NTLM'. Should I use NTLM instead of LDAP? Or should I use Kerberos? Or should I use ADFS?

Should I configure anything in Active Directory for that? **I can't configure anything in Active Directory.**

Should I get the Windows credentials programmatically in React, send them to the server, and from the server send those credentials to Active Directory to verify them?

I don't know, but should I say anything in my 'HTTP response' to the 'HTTP OPTIONS request' to force the browser to set Windows credentials in the next request?

And thanks for your time.

Ali Dahaghin

1 Answer

6

There are a couple of ways to do this:

Windows Authentication

This is best for the user as it is a seamless login. If the website is trusted, then the browser will automatically send the credentials of the currently-logged-on user to the site.

In this case, the web server (Tomcat in this case) handles the authentication and passes the credentials to the application. If you were using IIS and Windows, the setup would be super easy. But with Tomcat on Linux, it's a little harder. You need to set up Kerberos, which requires setting up SPN (Service Principal Name) values on the domain so that your server is trusted on your domain to authenticate. The full instructions for setting this up in Tomcat 8 are here: Windows Authentication How-To

Once that is set up, your website needs to be trusted by the browsers. If your site is recognized as an intranet site, then this should already be true. If not, then your site's domain needs to be added to the Trusted Sites in the Internet Options on the client computers. This can also be done via Group Policy. That will work for IE and Chrome. Firefox uses its own network.negotiate-auth.delegation-uris setting.

Forms Authentication

Another way is to use a login page to ask the user for their username and password, then authenticate them via LDAP in your Java application code. I will assume you know how to set up a login page, so you just need to know how to verify the credentials. You can use the answer here for that code. That answer has the code in a console app, but you can pull out the code that takes the username and password and verifies it.

This is arguably easier to set up, but at a cost to the user.

Gabriel Luci
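As an added example (not from the answer above or the Tomcat how-to it links), this is the same Negotiate/Kerberos handshake done inside Spring Security rather than by Tomcat, using the spring-security-kerberos extension (assumed to be on the classpath alongside the asker's Spring Security 3.2.x). The SPN, the keytab path and the user lookup are assumptions; the AD-side prerequisites are the same as for the Tomcat route, namely an SPN registered for the host and a keytab exported for it.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.FileSystemResource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;
import org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter;
import org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration @EnableWebSecurity
public class SpnegoSecurityConfig extends WebSecurityConfigurerAdapter {
    // Hypothetical values: the SPN registered in AD for this host and the keytab exported for it.
    private static final String SERVICE_PRINCIPAL = "HTTP/app.corp.example.com@CORP.EXAMPLE.COM";
    private static final String KEYTAB_PATH = "/etc/tomcat/app.keytab"; // readable by the Tomcat user only
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Unauthenticated requests get "401 WWW-Authenticate: Negotiate"; a browser that trusts
        // the site retries with a Kerberos ticket in "Authorization: Negotiate <token>".
        SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
        filter.setAuthenticationManager(authenticationManagerBean());
        http.exceptionHandling().authenticationEntryPoint(new SpnegoEntryPoint())
            .and().authorizeRequests().anyRequest().authenticated()
            .and().addFilterBefore(filter, BasicAuthenticationFilter.class);
    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(kerberosProvider());
    }
    @Bean // must be a bean: the validator logs in with the keytab in afterPropertiesSet()
    public SunJaasKerberosTicketValidator ticketValidator() {
        SunJaasKerberosTicketValidator validator = new SunJaasKerberosTicketValidator();
        validator.setServicePrincipal(SERVICE_PRINCIPAL);
        validator.setKeyTab(new FileSystemResource(KEYTAB_PATH));
        return validator;
    }
    @Bean
    public KerberosServiceAuthenticationProvider kerberosProvider() {
        // The ticket is checked against the server's keytab; the user's password never reaches the app.
        KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
        provider.setTicketValidator(ticketValidator());
        // Placeholder lookup: "alice@CORP.EXAMPLE.COM" becomes app user "alice" with ROLE_USER;
        // a real app would load roles from AD, e.g. via the Spring LDAP search the question already uses.
        provider.setUserDetailsService(name -> new User(name.split("@")[0], "", AuthorityUtils.createAuthorityList("ROLE_USER")));
        return provider;
    }
}
```

A browser that does not trust the site (or a non-domain machine) simply gets the 401 back; if you want the forms-login fallback from the second approach, add a second authentication provider for it, since this one only validates Kerberos tickets.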