Using NTLM Authentication in WO apps

2011-11-21 Thread Karl
Hi,

We have a client who wants to use NTLM authentication for our WOApp to provide 
single sign on for their Windows users.  Has anyone actually done this before?

We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x.

Any information would be appreciated.

Karl

 ___
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list  (Webobjects-dev@lists.apple.com)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com

This email sent to arch...@mail-archive.com


Re: Using NTLM Authentication in WO apps

2011-11-21 Thread Henrique Gomes

On Nov 21, 2011, at 8:34 AM, Karl wrote:

> Hi,
>
> We have a client who wants to use NTLM authentication for our WOApp to
> provide single sign on for their Windows users.  Has anyone actually done
> this before?
>
> We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x.
>
> Any information would be appreciated.
>
> Karl


The way I would do it (and will really soon for a project) is to have Apache 
handle the authentication of the user if the URL is something like /wa/login.
You could use the NTLM module for Apache.

Actually, since I have never done it in WO, that leads me to question how I 
would retrieve the REMOTE_USER from the Apache request?

(Since Windows domains are really Kerberos, you could also use Kerberos 
authentication; you would need an HTTP/hostname principal created on the Windows 
Kerberos server. There are mails about it in the archives.)

HG



Re: Using NTLM Authentication in WO apps

2011-11-21 Thread Karl
Hi,

That is a possibility.  How about this - adding a request header with the 
remote user?:

<Proxy http://127.0.0.1:2/SOGo>
## adjust the following to your configuration
RequestHeader set x-webobjects-server-port 443
RequestHeader set x-webobjects-server-name myserver
RequestHeader set x-webobjects-server-url https://myserver

## When using proxy-side authentication, you need to uncomment and
## adjust the following line:
#  RequestHeader set x-webobjects-remote-user %{REMOTE_USER}e

RequestHeader set x-webobjects-server-protocol HTTP/1.0
RequestHeader set x-webobjects-remote-host %{REMOTE_HOST}e env=REMOTE_HOST

AddDefaultCharset UTF-8

Order allow,deny
Allow from all
</Proxy>

Karl

On 2011-11-21, at 2:43 PM, Henrique Gomes wrote:

> On Nov 21, 2011, at 8:34 AM, Karl wrote:
>
>> Hi,
>>
>> We have a client who wants to use NTLM authentication for our WOApp to
>> provide single sign on for their Windows users.  Has anyone actually done
>> this before?
>>
>> We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x.
>>
>> Any information would be appreciated.
>>
>> Karl
>
> The way I would do it (and will really soon for a project) is to have Apache
> handle the authentication of the user if the URL is something like /wa/login.
> You could use the NTLM module for Apache.
>
> Actually, since I have never done it in WO, that leads me to question how I
> would retrieve the REMOTE_USER from the Apache request?
>
> (Since Windows domains are really Kerberos, you could also use Kerberos
> authentication; you would need an HTTP/hostname principal created on the
> Windows Kerberos server. There are mails about it in the archives.)
>
> HG



Re: Using NTLM Authentication in WO apps

2011-11-21 Thread Chuck Hill

On 2011-11-21, at 3:43 AM, Henrique Gomes wrote:

> On Nov 21, 2011, at 8:34 AM, Karl wrote:
>
>> Hi,
>>
>> We have a client who wants to use NTLM authentication for our WOApp to
>> provide single sign on for their Windows users.  Has anyone actually done
>> this before?
>>
>> We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x.
>>
>> Any information would be appreciated.
>>
>> Karl
>
> The way I would do it (and will really soon for a project) is to have Apache
> handle the authentication of the user if the URL is something like /wa/login.
> You could use the NTLM module for Apache.
>
> Actually, since I have never done it in WO, that leads me to question how I
> would retrieve the REMOTE_USER from the Apache request?

It is just a request header, so like this (ExternalAuthenticationUserHeaderKey 
is remote_user):

// Only consult the header when external authentication is enabled
if (SMApplication.appProperties().booleanPropertyForKey(SMApplication.UsesExternalAuthenticationKey))
{
    // Read the user ID that the web server passed along in the configured header
    String userIDFromExternalAuthentication = context().request().headerForKey(
        SMApplication.appProperties().propertyForKey(SMApplication.ExternalAuthenticationUserHeaderKey));

    if (! StringAdditions.isEmpty(userIDFromExternalAuthentication))
    {
        userIDFromExternalAuthentication =
            User.canonicalUserID(userIDFromExternalAuthentication);
        // ... (remainder not shown)
    }
}


Chuck


 
> (Since Windows domains are really Kerberos, you could also use Kerberos
> authentication; you would need an HTTP/hostname principal created on the
> Windows Kerberos server. There are mails about it in the archives.)
>
> HG

-- 
Chuck Hill Senior Consultant / VP Development

Practical WebObjects - for developers who want to increase their overall 
knowledge of WebObjects or who are trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects
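
A defensive way to consume the proxy-supplied user header discussed in this thread, added here as an illustration and not code from any poster or from WebObjects. It is plain Java rather than the WORequest API; the class name, the normalizeAccount helper, the loopback-only trust rule and the sample values are assumptions.

```java
import java.net.InetAddress;
import java.util.Locale;
import java.util.Map;

public class ExternalAuthHeader {
    // Header name from the Apache snippet in the thread (assumed to be the one enabled).
    static final String USER_HEADER = "x-webobjects-remote-user";

    /** Returns the account name, or null when the header must not be trusted.
     *  headers: request headers keyed by lower-case name; peer: socket peer address. */
    static String authenticatedUser(Map<String, String> headers, InetAddress peer) {
        // Assumption: Apache runs on the same host, so only a loopback peer may
        // vouch for a user. A direct connection could carry a forged header.
        if (peer == null || !peer.isLoopbackAddress()) return null;
        String raw = headers.get(USER_HEADER);
        if (raw == null) return null;
        raw = raw.trim();
        // mod_headers expands %{VAR}e to the literal "(null)" when VAR is unset.
        if (raw.isEmpty() || raw.equals("(null)")) return null;
        return normalizeAccount(raw);
    }

    /** Hypothetical helper: reduce a domain-qualified (DOMAIN, backslash, name)
     *  or name@REALM login to a lower-case account name.
     *  Assumes one trusted domain; keep the qualifier if several are accepted. */
    static String normalizeAccount(String raw) {
        String name = raw.substring(raw.lastIndexOf('\\') + 1);
        int at = name.indexOf('@');
        if (at >= 0) name = name.substring(0, at);
        // Reject anything outside a conservative account-name alphabet.
        if (!name.matches("[A-Za-z0-9._-]{1,64}")) return null;
        return name.toLowerCase(Locale.ROOT);
    }

    public static void main(String[] args) throws Exception {
        InetAddress proxy = InetAddress.getByName("127.0.0.1");
        InetAddress direct = InetAddress.getByName("192.0.2.10"); // constructed address
        // Constructed sample requests.
        System.out.println(authenticatedUser(Map.of(USER_HEADER, "CORP\\Karl"), proxy));
        System.out.println(authenticatedUser(Map.of(USER_HEADER, "karl@CORP.EXAMPLE"), proxy));
        System.out.println(authenticatedUser(Map.of(USER_HEADER, "(null)"), proxy));
        System.out.println(authenticatedUser(Map.of(USER_HEADER, "CORP\\Karl"), direct));
    }
}
```

On the Apache side, RequestHeader set replaces any copy of the header sent by the client, so that line has to be active on every path that reaches the app.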











Re: Using NTLM Authentication in WO apps

2011-11-21 Thread Simon
If you don't mind commercial solutions you could try Crowd from
Atlassian - that seems capable of authenticating against world+dog

simon

On 21 November 2011 08:34, Karl <kgret...@mac.com> wrote:
> Hi,
>
> We have a client who wants to use NTLM authentication for our WOApp to
> provide single sign on for their Windows users.  Has anyone actually done
> this before?
>
> We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x.
>
> Any information would be appreciated.
>
> Karl



Re: Using NTLM Authentication in WO apps

2011-11-21 Thread Pascal Robert
They could improve their dev documentation a bit… I'm trying to move the wiki 
and Jira users to Crowd, that works, but I'm trying to integrate the 
wocommunity.org login with it and neither their REST nor SOAP interfaces work 
for me (for SOAP, I'm getting invalid credentials). YMMV.

> If you don't mind commercial solutions you could try Crowd from
> Atlassian - that seems capable of authenticating against world+dog
>
> simon
>
> On 21 November 2011 08:34, Karl <kgret...@mac.com> wrote:
>> Hi,
>>
>> We have a client who wants to use NTLM authentication for our WOApp to
>> provide single sign on for their Windows users.  Has anyone actually done
>> this before?
>>
>> We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x.
>>
>> Any information would be appreciated.
>>
>> Karl
 