-
1. Re: IdentityStore and Kerberos
magix Sep 4, 2009 4:52 PM (in response to dklogica)
Look at http://s2.diffuse.it/blog/show/6602-SPNEGO_authentication_and_credential_delegation_with_Java and http://s2.diffuse.it/blog/category/kerberos.
I hope this helps.
Matthias
-
2. Re: IdentityStore and Kerberos
coenos Sep 4, 2009 9:25 PM (in response to dklogica)
You can also integrate JCIFS with Kerberos into Seam.
Using the Identity's Principal to verify against the Kerberos server.
Get JCIFS-krb5 here or use Maven to download the jar.
See the KerberosAuthExample.java for an example implementation.
Cheers,
Coenos
-
3. Re: IdentityStore and Kerberos
digit0815 Sep 8, 2009 6:36 PM (in response to dklogica)
Hi there,
as using jcifs requires a password to be typed in:
does anyone know a solution for a 'real' SSO, which does not require entering login credentials, but uses e.g. Internet Explorer to negotiate?
are using seam 2.01, as 5.01, have properly installed jboss security-negotiation (2.0.1 GA).
samples of security-negotiation run perfectly, but we didn't find a way to integrate with seam so far....
thanks and cheers,
ingo
-
4. Re: IdentityStore and Kerberos
coenos Sep 8, 2009 7:45 PM (in response to dklogica)
With JCIFS you don't need to put in a password. You can configure Seam's authenticator to autoLogin a user.
import jcifs.smb.NtlmPasswordAuthentication;

import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.contexts.Context;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.faces.Redirect;
import org.jboss.seam.log.Log;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;

@Name("authenticator")
public class Authenticator {

    @Logger Log log;
    @In Identity identity;
    @In Credentials credentials;
    @In Context sessionContext;

    public boolean autoLogin2() {
        return this.authenticate();
    }

    // Logs in silently when the NTLM filter has stored its principal in the session.
    public boolean autoLogin() {
        // trying auto-login
        Object autoLogin = sessionContext.get("NtlmHttpAuth");
        boolean isAuthenticated = false;
        if (autoLogin != null && (autoLogin instanceof NtlmPasswordAuthentication)) {
            try {
                // This will trigger a call of Authenticator.authenticate() (see below)
                identity.authenticate();
                isAuthenticated = true;
            } catch (Exception e) {
                log.info(String.format("Autologin failed: %s", e.getMessage()));
            }
        }
        return isAuthenticated;
    }

    // The original post also declared an empty ssoRedirect() with the same
    // signature; the duplicate is dropped here so that the class compiles.
    public void ssoRedirect() throws Exception {
        if (identity.isLoggedIn()) {
            log.debug(String.format("ssoRedirect: user %s is logged in",
                    identity.getPrincipal().getName()));
            FacesMessages.instance().clear();           // clear the regular Seam messages
            Redirect.instance().returnToCapturedView(); // return to the captured view
        }
    }

    // Stub: gives any caller the "admin" role without checking anything.
    public boolean authenticate2() {
        identity.addRole("admin");
        identity.isLoggedIn(true);
        return true;
    }

    public boolean authenticate() {
        // TODO: Differentiate between form-based / prompted login and automatic
        // login - is that even possible?
        Object autoLogin = sessionContext.get("NtlmHttpAuth");
        boolean isAuthenticated = false;
        if (autoLogin != null && (autoLogin instanceof NtlmPasswordAuthentication)) {
            NtlmPasswordAuthentication ntlm = (NtlmPasswordAuthentication) autoLogin;
            String username = ntlm.getUsername();
            isAuthenticated = username != null && username.length() != 0;
            if (isAuthenticated) {
                log.info(String.format("Authenticated: %s", username));
                identity.getCredentials().setUsername(username);
                identity.getCredentials().setPassword("nonsense");
                //isAuthenticated = umbrellaSecurityManager.userIsKnown(username);
                // While the lookup above stays commented out, every user the
                // NTLM filter has authenticated receives the "admin" role.
                if (isAuthenticated) {
                    identity.addRole("admin");
                }
            }
        }
        return isAuthenticated;
    }
}
Set the JCIFS NtlmFilter.
<filter>
    <filter-name>NtlmHttpFilter</filter-name>
    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
    <init-param>
        <param-name>jcifs.http.domainController</param-name>
        <param-value>127.0.0.7</param-value>
    </init-param>
    <init-param>
        <param-name>jcifs.smb.client.domain</param-name>
        <param-value>MYDOMAIN</param-value>
    </init-param>
    <init-param>
        <param-name>jcifs.smb.lmCompatibility</param-name>
        <param-value>3</param-value>
    </init-param>
    <init-param>
        <param-name>jcifs.util.loglevel</param-name>
        <param-value>2</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>NtlmHttpFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Etc etc..
If you need more info, let me know,
Coen
-
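An added example, not part of coenos's post and not Seam or JCIFS code: a deny-by-default role lookup that could stand in for the commented-out `umbrellaSecurityManager.userIsKnown(username)` check, so that only known accounts from the configured domain receive roles. The class name `NtlmRoleResolver`, the account table and the account-name pattern are assumptions made for illustration.

```java
import java.util.*;

/** Deny-by-default role lookup for a principal already authenticated by the NTLM filter. */
public class NtlmRoleResolver {
    private final String trustedDomain;                  // e.g. "MYDOMAIN" from web.xml
    private final Map<String, Set<String>> rolesByUser;  // key: lower-cased account name

    public NtlmRoleResolver(String trustedDomain, Map<String, Set<String>> rolesByUser) {
        this.trustedDomain = trustedDomain.toLowerCase(Locale.ROOT);
        this.rolesByUser = new HashMap<>();
        for (Map.Entry<String, Set<String>> e : rolesByUser.entrySet()) {
            this.rolesByUser.put(e.getKey().toLowerCase(Locale.ROOT),
                    Collections.unmodifiableSet(new HashSet<>(e.getValue())));
        }
    }

    /** Returns the roles for domain\\user; an empty set means the login must be refused. */
    public Set<String> rolesFor(String domain, String username) {
        if (domain == null || username == null) return Collections.emptySet();
        String d = domain.trim().toLowerCase(Locale.ROOT);
        String u = username.trim().toLowerCase(Locale.ROOT);
        // Assumed account-name pattern: rejects empty names, blanks and
        // embedded separators such as "OTHER\\alice" or "alice@other".
        if (!u.matches("[a-z0-9._$-]{1,64}")) return Collections.emptySet();
        // A principal from any domain other than the configured one gets nothing.
        if (!d.equals(trustedDomain)) return Collections.emptySet();
        Set<String> roles = rolesByUser.get(u);
        return roles == null ? Collections.<String>emptySet() : roles;
    }

    public static void main(String[] args) {
        // Constructed sample data, for illustration only.
        Map<String, Set<String>> table = new HashMap<>();
        table.put("alice", new HashSet<>(Arrays.asList("admin", "user")));
        table.put("bob", Collections.singleton("user"));
        NtlmRoleResolver r = new NtlmRoleResolver("MYDOMAIN", table);

        System.out.println(r.rolesFor("MYDOMAIN", "Alice"));        // known administrator
        System.out.println(r.rolesFor("mydomain", "bob"));          // known ordinary user
        System.out.println(r.rolesFor("MYDOMAIN", "mallory"));      // unknown account
        System.out.println(r.rolesFor("OTHER", "alice"));           // foreign domain
        System.out.println(r.rolesFor("MYDOMAIN", "OTHER\\alice")); // malformed name
    }
}
```

In `authenticate()`, the result of `rolesFor(ntlm.getDomain(), ntlm.getUsername())` would replace the unconditional `identity.addRole("admin")`: return `false` when the set is empty, otherwise add each role.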
5. Re: IdentityStore and Kerberos
ivan.indrawan Apr 26, 2010 11:43 AM (in response to dklogica)
Hi there,
The example above uses NTLM authentication. Are there any examples of Kerberos authentication using the JCIFS library that do not require the user to enter the password?
Cheers,
Ivan
-
6. Re: IdentityStore and Kerberos
xplace Jul 7, 2011 2:35 AM (in response to dklogica)
Need Seam demo application with Kerberos SSO