The way I understand Shiro's current Active Directory support (I'm using this now), the user needs to provide a username and password to authenticate.
Ideally, though, users who are already logged into the Active Directory Windows intranet domain (their login to their Windows PC) should simply be able to go to the site and either be denied access (if they don't have access to the app) or let in if they have access (which would be determined by checking for their username in the application's database).
I'm not really sure how this works, but I've seen it done and I know stuff like Microsoft's SharePoint basically does this (it somehow "knows" which user is logged into the PC and limits access to pages accordingly) as well as some commercial software. (I think via Kerberos?) I think this is commonly called "Integrated Windows Authentication" as well as possibly just SSO.
If I could get something like this working for any generic Java app in some re-usable form it would be very valued. (We're also using Flex/AMF with GraniteDS for the front end if that matters.)
--
View this message in context: http://shiro-user.582556.n2.nabble.com/SSO-with-a-Windows-domain-tp6236647p6241141.html
Sent from the Shiro User mailing list archive at Nabble.com.
