Regarding "HTTP Negotiate", - I am on the lookout for people interested in SSO from a browser to Tomcat and against a Windows Domain Controller/Active Directory through LDAP with the purpose of creating a stand-alone servlet filter.
Configuration on network: 1) Active Directory (Windows Domain Controller) accessible through LDAP on network #1. 2) Client browsers (IE, Firefox) on Windows machines on network #1 logged in to the domain controller in 1). 3) Web application running on Tomcat on network #2 with only i) HTTP access from network #1->#2 and with ii) LDAP access from network #2->#1. Until now, I have been unable to find any simple, open source implementations of such a filter. I have noticed the old jCIFS-Ext work on SourceForge, the improvements made by the Jboss project and the inclusion of SPNEGO in the new Java 6 JSE. Until now, I can make my browser activate a "HTTP Negotiate" with the mechanisms Microsoft Kerberos 5/Kerberos 5/NTLM and handle the headers themselves in a prototype servlet filter on my 3) Tomcat server. I am also able to access the Active Directory in 1) through LDAP and the GSS-API using Kerberos - with a standalone test-program and of course written in Java. I am not interested in NTLM SSO and no valves. I am interested in a standalone filter handling SSO by using HTTP Negotiate with SPNEGO+Kerberos and verifying tickets by LDAP handshake. With source code, that is. My target is Java 6 + Tomcat 5.5+. Has anyone done this? Where to find this filter? Regards Morten Sabroe Mortensen --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
