On Tue, 2013-09-24 at 10:55 -0700, Justin wrote: > Hi all, > > > > I'm using Tomcat 7 and Waffle on a Windows server for NTLMv2 SSO Negotiation. > Specifying "<role-name>BUILTIN\Administrators</role-name>" allows me to > restrict access to individual webapps to only local system administrators, as > desired. > > https://github.com/dblock/waffle/blob/master/Docs/tomcat/TomcatSingleSignOnValve.md > > > This works great for my web browsers which have built-in support. Now I'm > trying to write a Java client application. The documentation I've come across > either involves using credentials (not desired) or leveraging SSPI and > manually exchanging the 3 messages between server and client. > > http://hc.apache.org/httpcomponents-client-4.3.x/ntlm.html > http://code.dblock.org/pure-java-waffle > > http://larryboymi.blogspot.com/2012/03/in-my-last-post-i-had-successfully-used.html > > > Are there any better references or examples out there for using SSPI with > httpclient? I'd like to avoid Kerberos because it requires: 1) Windows > registry change, 2) SPN, 3) login.conf, 4) krb5.ini, 5) user session key, and > sometimes 6) keytab. Will httpclient improve support for SSPI or any other > means to achieve SSO from Java client applications? Are there other > non-commercial solutions (i.e. not Jespa)? > > > > Thanks, > Justin >
Justin I am not sure there is anyone on this list who could help you with that. What you could do though is to try out experimental integrated Windows authentication, which I believe is based on Waffle. It is still an early prototype but might be a good starting point for you. http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/httpclient-win/ Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
