Using SSPI to start SSO from a Java application running on Windows

I have a Java application running on Windows that needs to authenticate to a webapp using Kerberos / SPNEGO. I know how to configure JAAS to achieve this goal, but I found that the Kerberos Java implementation (JDK6 and JDK7beta) does not contain several important functions that I need. For example, supporting referrals or using DNS to determine the scope of a host (I have an environment with several environments).

Is there a third-party module that can implement authentication using the native SSPI? We have already encountered the problem of configuring our Windows clients to work in our environment, it would be nice not to repeat this for Java. I know Waffle and my WindowsLoginModule, but it does not seem to do SSO, as it requires users to re-enter their credentials in the application.

+3
1 answer

We had a similar problem. The main problem for us was that the implementation of the GSS-API fails when using Windows UAC, and we decided to use Waffle.

Waffle is a JNA wrapper around SSPI. For SSO with Waffle, replace sun.net.www.protocol.http.NegotiatorImpl:

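package sun.net.www.protocol.http;

import java.io.IOException;
import waffle.windows.auth.impl.WindowsSecurityContextImpl;

// Replaces the JDK's own NegotiatorImpl so that HTTP Negotiate tokens
// come from SSPI (through Waffle) for the logged-on Windows user.
public class NegotiatorImpl extends Negotiator {

    // Service principal name of the target web server
    private String serviceName;

    public NegotiatorImpl(HttpCallerInfo hci) throws IOException {
        this.serviceName = "HTTP/" + hci.host.toLowerCase();
    }

    @Override
    public byte[] firstToken() throws IOException {
        // Initial token built from the current user's credentials
        return WindowsSecurityContextImpl.getCurrent("Negotiate", serviceName).getToken();
    }

    @Override
    public byte[] nextToken(byte[] in) throws IOException {
        // No continuation token is produced; the server's reply is ignored
        return new byte[0];
    }
}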

JAR Waffle JNA JAR . /jre/lib/endorsed JVM. Java, JVM, JVM Negotiator.

+3
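The "Negotiate" package used in firstToken() can select either Kerberos or NTLM, so it is worth checking which mechanism the returned token actually carries. The following is an added example, not part of the original answer or of Waffle: the class and method names are hypothetical, the sample bytes are constructed, and it is a byte-scan heuristic rather than a full ASN.1 parser.

```java
import java.nio.charset.StandardCharsets;

// Added example: report which mechanism a Negotiate token carries.
public class NegotiateTokenCheck {
    public enum Mech { KERBEROS, NTLM, UNKNOWN }

    // Every raw NTLM message starts with this signature.
    static final byte[] NTLM_SIG = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);
    // DER-encoded mechanism OIDs (tag 0x06, length, value).
    static final byte[] KRB5 = {6, 9, 0x2a, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xf7, 0x12, 1, 2, 2};    // 1.2.840.113554.1.2.2
    static final byte[] MS_KRB5 = {6, 9, 0x2a, (byte) 0x86, 0x48, (byte) 0x82, (byte) 0xf7, 0x12, 1, 2, 2}; // 1.2.840.48018.1.2.2
    static final byte[] NTLM = {6, 10, 0x2b, 6, 1, 4, 1, (byte) 0x82, 0x37, 2, 2, 10};                      // 1.3.6.1.4.1.311.2.2.10

    public static Mech classify(byte[] token) {
        if (token == null || token.length == 0) return Mech.UNKNOWN;
        if (indexOf(token, NTLM_SIG) == 0) return Mech.NTLM;  // raw NTLM without SPNEGO wrapper
        if (token[0] != 0x60) return Mech.UNKNOWN;            // not a GSS-API initial token
        // SPNEGO lists mechTypes in preference order and the token for the first
        // one follows, so the OID that appears earliest is the mechanism in use.
        int krb = Math.min(indexOf(token, KRB5), indexOf(token, MS_KRB5));
        int ntlm = indexOf(token, NTLM);
        if (krb == Integer.MAX_VALUE && ntlm == Integer.MAX_VALUE) return Mech.UNKNOWN;
        return krb < ntlm ? Mech.KERBEROS : Mech.NTLM;
    }

    // Index of the first occurrence of needle, or Integer.MAX_VALUE if absent.
    static int indexOf(byte[] hay, byte[] needle) {
        outer:
        for (int i = 0; i + needle.length <= hay.length; i++) {
            for (int j = 0; j < needle.length; j++) {
                if (hay[i + j] != needle[j]) continue outer;
            }
            return i;
        }
        return Integer.MAX_VALUE;
    }

    public static void main(String[] args) {
        // Constructed, truncated token prefixes for illustration only (lengths are arbitrary).
        byte[] spnegoKrb = {0x60, 0x40, 6, 6, 0x2b, 6, 1, 5, 5, 2, (byte) 0xa0, 0x36, 0x30, 0x34,
                (byte) 0xa0, 0x19, 0x30, 0x17,
                6, 9, 0x2a, (byte) 0x86, 0x48, (byte) 0x82, (byte) 0xf7, 0x12, 1, 2, 2,
                6, 10, 0x2b, 6, 1, 4, 1, (byte) 0x82, 0x37, 2, 2, 10};
        byte[] rawNtlm = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 1, 0, 0, 0};
        System.out.println(classify(spnegoKrb));
        System.out.println(classify(rawNtlm));
    }
}
```

Calling classify() on the byte array returned by firstToken() and logging the result makes an unexpected NTLM selection visible during rollout.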

Source: https://habr.com/ru/post/1761821/

