Single Sign On for Web Applications – Use of Windows Login details

3

The post JCIFS and jWebUnit by Matt Raible describes use of JCIFS to achieve single sign on for web applications based on the Windows Login.

On my current project, we’re using JCIFS to integrate our application authentication process with NT Domain logins. While I found it quite easy to integrate, the one issue I found is I couldn’t replicate the login process in a jWebUnit test. I tried setting the WWW-Authentication header to NTLM, but couldn’t get it to work. The solution I ended up using is to subclass the NtlmHttpFilter and disable authentication when the User-Agent is “httpunit”.

I have not had a chance to work on this, but it certainly seems interesting for intranet applications where full blown Portal-based SSO solutions are beyond reach. I hope we can try to get a test of this running and see how to incorporate it in some of our internal applications.

A very useful description of the “Single Sign On” process, using the Windows login for logging in to the Web Application is found here:JCIFS NTLM HTTP Authentication

Share.

About Author

Lucas Jellema, active in IT (and with Oracle) since 1994. Oracle ACE Director for Fusion Middleware. Consultant, trainer and instructor on diverse areas including Oracle Database (SQL & PLSQL), Service Oriented Architecture, BPM, ADF, Java in various shapes and forms and many other things. Author of the Oracle Press book: Oracle SOA Suite 11g Handbook. Frequent presenter on conferences such as JavaOne, Oracle OpenWorld, ODTUG Kaleidoscope, Devoxx and OBUG. Presenter for Oracle University Celebrity specials.

3 Comments

  1. I am trying to use JCIFS to integrate our application authentication process with NT Domain logins . Everything is fine in Mozilla . But in IE it is giving me page not found . I am using tomcat 5.5 and IE 6 with jcif 1.2.13b4 is there any special setup required for IE ?

  2. Pingback: AMIS Technology blog » Blog Archive » Single Sign On in UIX applications

  3. Wouter van Reeven on

    Lucas,

    I have used these classes to implement a SSO for the customer I currently am at. Using the instructions found on http://jcifs.samba.org/src/docs/ntlmhttpauth.html all users within the domain specified in web.xml now can login to a test web application I created. Using JNDI/LDAP lookups in thier Active Directory server I can get the full name of the user (and other details). I will create a post about this later this week.

    Greets, Wouter