Spring Security Single Sign On in Windows Environment

I have a feeling I've stumbled into a technical black hole. There have been many questions and not many (recent) answers out there.

Short summary:

I have a Windows environment operating with a domain controller and Active Directory implementation (soon to be operating with Quest's Authentication Services). I have a series of Spring-based web applications I want to deploy to this environment and we need them to operate seamlessly with Single Sign-On using the domain credentials.

It looked like the answer was this:

http://blog.springsource.org/2009/09/28/spring-security-kerberos/

I was informed by some of the local AD admins that ktpass, though, was an unsafe (principals and keys stored in plain-text file) and outdated solution. Given the blog linked above is 3 years old, it was tough to argue.

Then I came across this:

http://forum.springsource.org/showthread.php?134465-JDK-7-0-and-Spnego-Extension-don-t-work!

Posted just a week or so ago, it looks like recent efforts to integrate SPNEGO extensions have shown that it's incompatible with JDK 7 and no longer supported!

It seems like this would be a common thing for people to want to do. I'm surprised that with a framework as widespread as Spring that there's not a simple way to achieve this. Is there another approach I haven't found in the documentation?

Thanks for any insights or suggestions.

Cultivar answered 6/2, 2013 at 14:15 Comment(2)
Why don't you look at the LDAP provider from Spring Security as given in this thread #85180 and Spring documentation static.springsource.org/spring-security/site/docs/3.1.x/… - Tuberculosis
Did you find a solution to this? I am facing exactly the same requirement. - Glary

Check out WAFFLE.

WAFFLE is a native Windows Authentication Framework consisting of two C# and Java libraries that perform functions related to Windows authentication, supporting Negotiate, NTLM and Kerberos. Waffle also includes libraries that enable drop-in Windows Single Sign On for popular Java web servers, when running on Windows.

It has a tutorial for using it with Spring Security.

Scrivings answered 7/2, 2013 at 3:47 Comment(1)
Keep in mind the words here ".. when running on Windows.." - WAFFLE depends on native Windows libraries on the box your webapp may be running on, so will fail at runtime on non-Wintel servers. It may seem obvious but it caught me out. It worked fine on my Win7 dev environment but bombed when deployed to our Linux VMs. Doh. - Reconstitute
