Using NTLM Authentication in WO apps
Hi,

We have a client who wants to use NTLM authentication for our WOApp to provide single sign on for their Windows users. Has anyone actually done this before? We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x.

Any information would be appreciated.

Karl

Re: Using NTLM Authentication in WO apps
On Nov 21, 2011, at 8:34 AM, Karl wrote:

> Hi,
>
> We have a client who wants to use NTLM authentication for our WOApp to provide single sign on for their Windows users. Has anyone actually done this before? We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x.
>
> Any information would be appreciated.
>
> Karl

The way I would do it (and will really soon for a project) is to have Apache handle the authentication of the user if the URL is something like /wa/login. You could use the NTLM module for Apache.

Actually, since I have never done it in WO, that leads me to question how I would retrieve the REMOTE_USER from the Apache request?

(Since Windows domains are really Kerberos, you could also use Kerberos authentication; you would need an HTTP/hostname principal created on the Windows Kerberos server. There are mails about it in the archives.)

HG

Re: Using NTLM Authentication in WO apps
Hi,

That is a possibility. How about this - adding a request header with the remote user?:

    <Proxy http://127.0.0.1:2/SOGo>
    ## adjust the following to your configuration
      RequestHeader set x-webobjects-server-port 443
      RequestHeader set x-webobjects-server-name myserver
      RequestHeader set x-webobjects-server-url https://myserver

    ## When using proxy-side authentication, you need to uncomment and
    ## adjust the following line:
    #  RequestHeader set x-webobjects-remote-user %{REMOTE_USER}e

      RequestHeader set x-webobjects-server-protocol HTTP/1.0
      RequestHeader set x-webobjects-remote-host %{REMOTE_HOST}e env=REMOTE_HOST

      AddDefaultCharset UTF-8

      Order allow,deny
      Allow from all
    </Proxy>

Karl

On 2011-11-21, at 2:43 PM, Henrique Gomes wrote:

> On Nov 21, 2011, at 8:34 AM, Karl wrote:
>
> > Hi,
> >
> > We have a client who wants to use NTLM authentication for our WOApp to provide single sign on for their Windows users. Has anyone actually done this before? We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x.
> >
> > Any information would be appreciated.
> >
> > Karl
>
> The way I would do it (and will really soon for a project) is to have Apache handle the authentication of the user if the URL is something like /wa/login. You could use the NTLM module for Apache.
>
> Actually, since I have never done it in WO, that leads me to question how I would retrieve the REMOTE_USER from the Apache request?
>
> (Since Windows domains are really Kerberos, you could also use Kerberos authentication; you would need an HTTP/hostname principal created on the Windows Kerberos server. There are mails about it in the archives.)
>
> HG

Re: Using NTLM Authentication in WO apps
On 2011-11-21, at 3:43 AM, Henrique Gomes wrote:

> On Nov 21, 2011, at 8:34 AM, Karl wrote:
>
> > Hi,
> >
> > We have a client who wants to use NTLM authentication for our WOApp to provide single sign on for their Windows users. Has anyone actually done this before? We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x.
> >
> > Any information would be appreciated.
> >
> > Karl
>
> The way I would do it (and will really soon for a project) is to have Apache handle the authentication of the user if the URL is something like /wa/login. You could use the NTLM module for Apache.
>
> Actually, since I have never done it in WO, that leads me to question how I would retrieve the REMOTE_USER from the Apache request?

It is just a request header, so like this (ExternalAuthenticationUserHeaderKey is remote_user):

    if (SMApplication.appProperties().booleanPropertyForKey(SMApplication.UsesExternalAuthenticationKey)) {
        // The header name comes from configuration; here it is remote_user
        String userIDFromExternalAuthentication = context().request().headerForKey(
            SMApplication.appProperties().propertyForKey(SMApplication.ExternalAuthenticationUserHeaderKey));
        if (!StringAdditions.isEmpty(userIDFromExternalAuthentication)) {
            userIDFromExternalAuthentication = User.canonicalUserID(userIDFromExternalAuthentication);
            // (the posted snippet ends here)
        }
    }

Chuck

> (Since Windows domains are really Kerberos, you could also use Kerberos authentication; you would need an HTTP/hostname principal created on the Windows Kerberos server. There are mails about it in the archives.)
>
> HG

--
Chuck Hill
Senior Consultant / VP Development

Practical WebObjects - for developers who want to increase their overall knowledge of WebObjects or who are trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects

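Reading the user from a request header, as in the snippet above, is only safe when the application can tell that Apache set the header. The following is an added example, not code from the thread or from WebObjects: `ExternalAuthResolver`, `resolveUser`, its `peerAddress` parameter and the trusted-address list are hypothetical, and it assumes Apache runs on the same host and that there is a single Windows domain.

```java
import java.util.*;

// Added example, not code from the thread. All names here are hypothetical.
public class ExternalAuthResolver {
    // Assumption: Apache runs on the same host and is the only trusted front end.
    static final Set<String> TRUSTED_PEERS =
        new HashSet<String>(Arrays.asList("127.0.0.1", "0:0:0:0:0:0:0:1"));
    static final String USER_HEADER = "x-webobjects-remote-user";

    /** Returns the canonical user ID, or null if the request is not externally authenticated. */
    static String resolveUser(String peerAddress, Map<String, List<String>> headers) {
        // A header is only as trustworthy as whoever set it: ignore it unless
        // the connection comes from the proxy that performed the authentication.
        if (!TRUSTED_PEERS.contains(peerAddress)) return null;
        List<String> values = new ArrayList<String>();
        for (Map.Entry<String, List<String>> e : headers.entrySet())
            if (USER_HEADER.equalsIgnoreCase(e.getKey())) values.addAll(e.getValue());
        // More than one value means something upstream appended instead of replacing.
        if (values.size() != 1) return null;
        return canonicalUserID(values.get(0));
    }

    static String canonicalUserID(String raw) {
        String id = raw.trim();
        // mod_headers expands %{REMOTE_USER}e to the literal "(null)" when the variable is unset.
        if (id.isEmpty() || id.equals("(null)")) return null;
        // Assumption: one Windows domain, so DOMAIN\name and name@REALM both map to "name".
        id = id.substring(id.lastIndexOf('\\') + 1);
        int at = id.indexOf('@');
        if (at >= 0) id = id.substring(0, at);
        id = id.toLowerCase(Locale.ROOT);
        return id.matches("[a-z0-9._-]{1,64}") ? id : null;
    }

    static Map<String, List<String>> headers(String... values) {
        Map<String, List<String>> h = new HashMap<String, List<String>>();
        h.put("X-WebObjects-Remote-User", Arrays.asList(values));
        return h;
    }

    public static void main(String[] args) {
        // Constructed sample requests: peer address plus the header values received.
        System.out.println(resolveUser("127.0.0.1", headers("CORP\\Karl")));        // NTLM-style name
        System.out.println(resolveUser("127.0.0.1", headers("karl@CORP.EXAMPLE"))); // Kerberos-style name
        System.out.println(resolveUser("127.0.0.1", headers("(null)")));            // REMOTE_USER unset
        System.out.println(resolveUser("127.0.0.1", headers("admin", "karl")));     // duplicated header
        System.out.println(resolveUser("10.0.0.7", headers("CORP\\admin")));        // not from the proxy
    }
}
```

On the Apache side, the `RequestHeader set x-webobjects-remote-user` line replaces any value the client sent once it is uncommented; while it stays commented out, a client-supplied header of that name passes through untouched.
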
Re: Using NTLM Authentication in WO apps
If you don't mind commercial solutions you could try Crowd from Atlassian - that seems capable of authenticating against world+dog.

simon

On 21 November 2011 08:34, Karl kgret...@mac.com wrote:

> Hi,
>
> We have a client who wants to use NTLM authentication for our WOApp to provide single sign on for their Windows users. Has anyone actually done this before? We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x.
>
> Any information would be appreciated.
>
> Karl

Re: Using NTLM Authentication in WO apps
They could improve their dev documentation a bit… I'm trying to move the wiki and Jira users to Crowd, that works, but I'm trying to integrate the wocommunity.org login with it and neither their REST nor SOAP interfaces work for me (for SOAP, I'm getting invalid credentials). YMMV.

> If you don't mind commercial solutions you could try Crowd from Atlassian - that seems capable of authenticating against world+dog.
>
> simon
>
> On 21 November 2011 08:34, Karl kgret...@mac.com wrote:
>
> > Hi,
> >
> > We have a client who wants to use NTLM authentication for our WOApp to provide single sign on for their Windows users. Has anyone actually done this before? We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x.
> >
> > Any information would be appreciated.
> >
> > Karl