________________________________
 From: Oleg Kalnichevski <[email protected]>
To: Justin <[email protected]> 
Cc: "[email protected]" <[email protected]> 
Sent: Wednesday, September 25, 2013 2:54 AM
Subject: Re: Help with httpclient and SSPI
 

On Tue, 2013-09-24 at 10:55 -0700, Justin wrote:
> Hi all,
> 
> 
> 
> I'm using Tomcat 7 and Waffle on a Windows server for NTLMv2 SSO Negotiation. 
> Specifying "<role-name>BUILTIN\Administrators</role-name>" allows me to 
> restrict access to individual webapps to only local system administrators, as 
> desired.
> 
> https://github.com/dblock/waffle/blob/master/Docs/tomcat/TomcatSingleSignOnValve.md
> 
> 
> This works great for my web browsers which have built-in support. Now I'm 
> trying to write a Java client application. The documentation I've come across 
> either involves using credentials (not desired) or leveraging SSPI and 
> manually exchanging the 3 messages between server and client.
> 
> http://hc.apache.org/httpcomponents-client-4.3.x/ntlm.html
> http://code.dblock.org/pure-java-waffle
> 
> http://larryboymi.blogspot.com/2012/03/in-my-last-post-i-had-successfully-used.html
> 
> 
> Are there any better references or examples out there for using SSPI with 
> httpclient? I'd like to avoid Kerberos because it requires: 1) Windows 
> registry change, 2) SPN, 3) login.conf, 4) krb5.ini, 5) user session key, and 
> sometimes 6) keytab. Will httpclient improve support for SSPI or any other 
> means to achieve SSO from Java client applications? Are there other 
> non-commercial solutions (i.e. not Jespa)?
> 
> 
> 
> Thanks,
> Justin
> 

Justin

I am not sure there is anyone on this list who could help you with
that. 

What you could do though is to try out experimental integrated Windows
authentication, which I believe is based on Waffle. It is still an early
prototype but might be a good starting point for you.

http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/httpclient-win/

Oleg



Hi Oleg,

That's what I'm looking for, thanks! Glad to see it is covered.

BTW, I did write a working Java client based off that blog post. Hopefully I 
will be able to use httpclient in the near future.

Justin
