Kerberos based SSO

Kerberos based SSO

S Wagle
I'm looking for some feedback on implementing Kerberos based SSO.

We successfully implemented NTLM based SSO in our J2EE web apps running
on various application servers using JCIFS.  We have Active Directory in
a Windows 2003 server environment.  The users log in to Windows XP work
stations to access the web apps.  JCIFS worked very well for us!

Now, I am trying to explore ways to do Kerberos authentication.  Would
greatly appreciate any tips.

Thanks

Re: Kerberos based SSO

Michael B Allen-4
Look at jcifs-ext on sourceforge. For some reason I can't recall clearly
but I think it may have implemented kerberos support in some form.

On Fri, 16 Jun 2006 13:28:37 -0400
S Wagle <[hidden email]> wrote:

> I'm looking for some feedback on implementing Kerberos based SSO.
>
> We successfully implemented NTLM based SSO in our J2EE web apps running
> on various application servers using JCIFS.  We have Active Directory in
> a Windows 2003 server environment.  The users log in to Windows XP work
> stations to access the web apps.  JCIFS worked very well for us!
>
> Now, I am trying to explore ways to do Kerberos authentication.  Would
> greatly appreciate any tips.
>
> Thanks
>


--
Michael B Allen
PHP Extension for SSO w/ Windows Group Authorization
http://www.ioplex.com/
RE: Kerberos based SSO

Mike Streeton
In reply to this post by S Wagle
Look at:

http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/index.html

It is already built into Java

Mike

www.ardentia.com the home of NetSearch
-----Original Message-----
From: jcifs-bounces+mike.streeton=[hidden email]
[mailto:jcifs-bounces+mike.streeton=[hidden email]] On
Behalf Of Michael B Allen
Sent: 16 June 2006 22:42
To: S Wagle
Cc: [hidden email]
Subject: Re: [jcifs] Kerberos based SSO

Look at jcifs-ext on sourceforge. For some reason I can't recall clearly
but I think it may have implemented kerberos support in some form.

On Fri, 16 Jun 2006 13:28:37 -0400
S Wagle <[hidden email]> wrote:

> I'm looking for some feedback on implementing Kerberos based SSO.
>
> We successfully implemented NTLM based SSO in our J2EE web apps running
> on various application servers using JCIFS.  We have Active Directory in
> a Windows 2003 server environment.  The users log in to Windows XP work
> stations to access the web apps.  JCIFS worked very well for us!
>
> Now, I am trying to explore ways to do Kerberos authentication.  Would
> greatly appreciate any tips.
>
> Thanks
>


--
Michael B Allen
PHP Extension for SSO w/ Windows Group Authorization
http://www.ioplex.com/
Re: Kerberos based SSO

Richard Caper
Java provides the core Kerberos stuff... there is some "glue" that the
filter needs to wrap it for the client.  This is in jcifs-ext and also
the patch here (which has instructions also needed for jcifs-ext):

http://lists.samba.org/archive/jcifs/2004-June/003497.html

I have never gotten this working myself frankly, but others on the
list have reported some success.

On 6/19/06, Mike Streeton <[hidden email]> wrote:

> Look at:
>
> http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/index.html
>
> It is already built into Java
>
> Mike
>
> www.ardentia.com the home of NetSearch
> -----Original Message-----
> From: jcifs-bounces+mike.streeton=[hidden email]
> [mailto:jcifs-bounces+mike.streeton=[hidden email]] On
> Behalf Of Michael B Allen
> Sent: 16 June 2006 22:42
> To: S Wagle
> Cc: [hidden email]
> Subject: Re: [jcifs] Kerberos based SSO
>
> Look at jcifs-ext on sourceforge. For some reason I can't recall clearly
> but I think it may have implemented kerberos support in some form.
>
> On Fri, 16 Jun 2006 13:28:37 -0400
> S Wagle <[hidden email]> wrote:
>
> > I'm looking for some feedback on implementing Kerberos based SSO.
> >
> > We successfully implemented NTLM based SSO in our J2EE web apps running
> > on various application servers using JCIFS.  We have Active Directory in
> > a Windows 2003 server environment.  The users log in to Windows XP work
> > stations to access the web apps.  JCIFS worked very well for us!
> >
> > Now, I am trying to explore ways to do Kerberos authentication.  Would
> > greatly appreciate any tips.
> >
> > Thanks
> >
>
>
> --
> Michael B Allen
> PHP Extension for SSO w/ Windows Group Authorization
> http://www.ioplex.com/
>
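
Added example, not part of the original thread or of jcifs-ext: one way the "glue" Richard Caper describes can look with the JDK's built-in JGSS, taking the token from an `Authorization: Negotiate` header, refusing an NTLM fallback token, and handing the rest to `GSSContext.acceptSecContext`. The class and method names are hypothetical; it assumes Java 8+ (for `java.util.Base64` and the SPNEGO mechanism) and a JVM whose JAAS configuration gives the acceptor the service's keytab.

```java
import java.util.Base64;
import org.ietf.jgss.*;
// Added example (hypothetical class): glue between "Authorization: Negotiate" and Java GSS-API.
public class NegotiateGlue {
    private static final byte[] NTLMSSP = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};

    /** Returns the decoded GSS-API token, or null when the client sent no Negotiate header. */
    static byte[] extractGssToken(String authorization) {
        if (authorization == null || !authorization.regionMatches(true, 0, "Negotiate ", 0, 10)) {
            return null; // caller replies 401 with "WWW-Authenticate: Negotiate"
        }
        byte[] token = Base64.getDecoder().decode(authorization.substring(10).trim());
        boolean ntlm = token.length >= NTLMSSP.length;
        for (int i = 0; ntlm && i < NTLMSSP.length; i++) ntlm = token[i] == NTLMSSP[i];
        if (ntlm) { // browsers fall back to NTLM inside Negotiate when they cannot get a ticket
            throw new SecurityException("NTLM token received; Kerberos required");
        }
        if (token.length == 0 || (token[0] & 0xff) != 0x60) { // initial GSS tokens start with tag 0x60
            throw new SecurityException("not a GSS-API initial context token");
        }
        return token;
    }

    /** Verifies the ticket with the service key and returns the client principal (user@REALM). */
    static String authenticate(byte[] token) throws GSSException {
        GSSManager manager = GSSManager.getInstance();
        Oid spnego = new Oid("1.3.6.1.5.5.2"); // SPNEGO mechanism OID
        GSSCredential cred = manager.createCredential(
                null, GSSCredential.INDEFINITE_LIFETIME, spnego, GSSCredential.ACCEPT_ONLY);
        GSSContext ctx = manager.createContext(cred);
        try {
            ctx.acceptSecContext(token, 0, token.length);
            if (!ctx.isEstablished()) throw new SecurityException("negotiation needs another round trip");
            return ctx.getSrcName().toString();
        } finally {
            ctx.dispose();
        }
    }

    public static void main(String[] args) {
        // Constructed sample: the first bytes of an NTLM type 1 message, as sent on fallback.
        byte[] sample = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 1, 0, 0, 0};
        String header = "Negotiate " + Base64.getEncoder().encodeToString(sample);
        try { extractGssToken(header); }
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

`main` only exercises the header check, which needs no KDC; `authenticate` is what a servlet filter would call once `extractGssToken` returns a token.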
Re: Kerberos based SSO

S Wagle
In reply to this post by Michael B Allen-4
Thanks for all the responses.

Just a bit concerned though that jcifs-ext on sourceforge doesn't seem
to be quite as active as JCIFS.

The last release is 0.9.4 as of July 04.

There also seems to be limited activity on the sourceforge mailing list
or on this jcifs mailing list for jcifs-ext.

Not sure what to make of this, especially considering that our
enterprise is quite large with about 100+ different applications out
there to be integrated.  There's always the possibility of running into
some special scenario.

Please let me know if you have any information/feedback on this concern.

Does anybody have any experiences with any commercial packages etc?

I'll also look into what's available with Java out of the box.

Thanks!



Michael B Allen wrote:
> Look at jcifs-ext on sourceforge. For some reason I can't recall clearly
> but I think it may have implemented kerberos support in some form.
>

RE: Re: Kerberos based SSO

FARROKHIAN Rémi
In reply to this post by S Wagle
3 Kerberos Java implementations:

1) VSJ (Quest Software)
2) SPNEGO SSO (AppliedCrypto)
3) Authentication (Kerberos) Technology Preview (IBM): FREE (included in
WAS6.1).

Also, Kerberos is included in Java6




-----Original Message-----
From: jcifs-bounces+rfarrokhian=[hidden email]
[mailto:jcifs-bounces+rfarrokhian=[hidden email]] On Behalf Of S
Wagle
Sent: Monday 19 June 2006 17:04
To: [hidden email]
Subject: [jcifs] Re: Kerberos based SSO

Thanks for all the responses.

Just a bit concerned though that jcifs-ext on sourceforge doesn't seem to be
quite as active as JCIFS.

The last release is 0.9.4 as of July 04.

There also seems to be limited activity on the sourceforge mailing list or
on this jcifs mailing list for jcifs-ext.

Not sure what to make of this, especially considering that our enterprise is
quite large with about 100+ different applications out there to be
integrated.  There's always the possibility of running into some special
scenario.

Please let me know if you have any information/feedback on this concern.

Does anybody have any experiences with any commercial packages etc?

I'll also look into what's available with Java out of the box.

Thanks!



Michael B Allen wrote:
> Look at jcifs-ext on sourceforge. For some reason I can't recall
> clearly but I think it may have implemented kerberos support in some form.
>