Re: Ref: ARS 7.5 Consuming a Web Service that requires AD Authentication

2010-03-28 Thread Jason Miller
Thanks for the info John.  It does appear that Axis 2 has support for NTLM
authentication.  Maybe we'll see an update in a future release.  I'll submit
it as an RFE.

We were able to come up with a workaround but I am not thrilled with it.
Using BURP Suite's proxy feature (http://www.portswigger.net/suite/) we are
able to run the web service call through the BURP proxy and add NTLM
credentials before the LANDesk server is called.  I am hesitant to call this
method production worthy.  For one it is a tool for attacking web
applications.  I can imagine our security team's response when they find
out we want to run this full time as part of our production environment.
Also since it is designed to analyze traffic, I am figuring there must be a
performance hit.  I haven't looked at all of the configuration options,
maybe we can run it as just a proxy without the analysis enabled?  Still, it
is a magic proxy that essentially allows anonymous access and then adds AD
credentials.  We'll need to figure out the best way to lock it down if we do
go this route.

I have searched a little for another application that will proxy and add
NTLM but haven't found anything yet.  We have a pretty talented team of .NET
developers.  I might see if they can whip up a simple proxy app that will
add the NTLM credentials and require some authentication to connect.

Jason

On Thu, Mar 25, 2010 at 1:40 AM, John Baker
jba...@javasystemsolutions.com wrote:

 Hello,

 I don't believe you can do this out of the box, although it's becoming
 more popular so it's worth posting an RFE to BMC.  Essentially, it should
 not be a difficult task to implement the RFE - there are various Java HTTP
 clients that'll perform NTLM authentication:

 http://hc.apache.org/httpclient-3.x/authentication.html#NTLM

 And given the username/password fields already exist, it's only a matter
 of somehow setting the scheme.  I've read various posts around Axis 1.4
 and NTLM, and it would appear some people have managed it, but the problem
 with Axis 1.4 is it's a little old and hence the task may not be quite as
 simple as we'd like.


 John

 --
 Java System Solutions - Single Sign On for the AR System
 http://www.javasystemsolutions.com


 ___
 UNSUBSCRIBE or access ARSlist Archives at www.arslist.org
 attend wwrug10 www.wwrug.com ARSlist: Where the Answers Are




Ref: ARS 7.5 Consuming a Web Service that requires AD Authentication

2010-03-25 Thread John Baker
Hello,

I don't believe you can do this out of the box, although it's becoming
more popular so it's worth posting an RFE to BMC.  Essentially, it should
not be a difficult task to implement the RFE - there are various Java HTTP
clients that'll perform NTLM authentication:

http://hc.apache.org/httpclient-3.x/authentication.html#NTLM

And given the username/password fields already exist, it's only a matter
of somehow setting the scheme.  I've read various posts around Axis 1.4
and NTLM, and it would appear some people have managed it, but the problem
with Axis 1.4 is it's a little old and hence the task may not be quite as
simple as we'd like.


John

-- 
Java System Solutions - Single Sign On for the AR System
http://www.javasystemsolutions.com
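
The NTLM support in Commons HttpClient 3.x that the message above links to, shown as an added example that is not part of the thread and not BMC's or Axis's code. The host name, service path, SOAPAction value and the `WS_*` environment variable names are placeholders assumed for illustration.

```java
import java.util.Collections;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.NTCredentials;
import org.apache.commons.httpclient.auth.AuthPolicy;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.StringRequestEntity;

public class NtlmSoapCall {
    // Read a required setting from the environment so no secret lives in source.
    static String env(String name) {
        String v = System.getenv(name);
        if (v == null || v.isEmpty()) throw new IllegalStateException(name + " is not set");
        return v;
    }

    public static void main(String[] args) throws Exception {
        // Placeholders (assumptions): host, path and SOAPAction of the target service.
        String host = "ws.example.internal";
        int port = 443;
        String url = "https://" + host + ":" + port + "/service.asmx";

        HttpClient client = new HttpClient();
        // List NTLM as the only acceptable scheme, so a Basic challenge is
        // never answered with the service account's password.
        client.getParams().setParameter(AuthPolicy.AUTH_SCHEME_PRIORITY,
                Collections.singletonList(AuthPolicy.NTLM));
        // Scope the credentials to this host, port and scheme only.
        client.getState().setCredentials(
                new AuthScope(host, port, AuthScope.ANY_REALM, AuthPolicy.NTLM),
                new NTCredentials(env("WS_USER"), env("WS_PASS"),
                        env("WS_WORKSTATION"), env("WS_DOMAIN")));

        // Constructed sample request body; the real envelope depends on the WSDL.
        String soap = "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
                + "<soapenv:Body/></soapenv:Envelope>";
        PostMethod post = new PostMethod(url);
        post.setDoAuthentication(true);
        post.setRequestHeader("SOAPAction", "\"urn:example:Placeholder\"");
        post.setRequestEntity(new StringRequestEntity(soap, "text/xml", "UTF-8"));
        try {
            int status = client.executeMethod(post);
            System.out.println(status + " " + post.getStatusText());
            if (status == 401) System.err.println("NTLM handshake rejected");
        } finally {
            post.releaseConnection(); // return the connection to the manager
        }
    }
}
```

It needs the commons-httpclient 3.x jar plus its commons-logging and commons-codec dependencies on the classpath.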
