Having worked on something similar for an internal project, I can tell you that properly handling the entire spectrum of Microsoft authentication protocols is extremely difficult, if not outright impossible. Certain parts are easy - for example, if the only case you need to support is Kerberos 5 via HTTP Negotiate, it's relatively straightforward to write Shiro-based code to handle that scenario using JGSS. If you need to handled mixed deployments (e.g. domain versus non-domain, different browsers, different versions of browsers, different versions of Windows, even the presence/absence of other Microsoft software) though, you run into all kinds of issues because nearly every configuration seems to do something different.
I do have some code that I've been planning to contribute back to the project, but in its current state, it is not sufficiently robust (i.e. doesn't properly handle enough of the cases) and also relies on other internal code that cannot be redistributed. However, I can certainly provide pointers on how to handle certain situations if you'd find that to be useful. On Sun, Sep 11, 2011 at 5:00 PM, Bengt Rodehav - [email protected] wrote: > Hello, > > I need to find a way to get the currently logged in Active Directory user > (on the server side) in a web application. This is commonly done in the > Microsoft World with IIS/SharePoint/.NET technology stack. I've used java > based software (Spring Security / Acegi) that enables authentication against > Active Directory (like I believe Shiro does). But this still means that the > user has to fill in the user and password again and explicitly login > although s/he is already authenticated in AD. > > I think it is necessary for us to have a "standard" solution to this in the > java world. I was hoping that Shiro could take on this challenge. I read > about a similiar request on Shiro's mailing list but I haven't seen it > resulting in anything ( > http://shiro-user.582556.n2.nabble.com/SSO-with-a-Windows-domain-td6236647.html > ). > > Does anyone know if any work is being done in this area? > > /Bengt >
