Re: Using NTLM Authentication in WO apps
Re: Using NTLM Authentication in WO apps
- Subject: Re: Using NTLM Authentication in WO apps
- From: Chuck Hill <email@hidden>
- Date: Mon, 21 Nov 2011 12:08:39 -0800
On 2011-11-21, at 3:43 AM, Henrique Gomes wrote:
>
> On Nov 21, 2011, at 8:34 AM, Karl wrote:
>
>> Hi,
>>
>> We have a client who wants to use NTLM authentication for our WOApp to provide single sign on for their Windows users. Has anyone actually done this before?
>>
>> We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x.
>>
>> Any information would be appreciated.
>>
>> Karl
>
>
> The way I would do it (and will really soon for a project) is to have apache handle the authentication of the user if the URL is something like /wa/login.
> You could use the ntlm module for apache.
>
> Actually, since I never done in WO, that leads me to question how I would retrieve the REMOTE_USER from the apache request?
It is just a request header, so like this (ExternalAuthenticationUserHeaderKey is "remote_user":
if (SMApplication.appProperties().booleanPropertyForKey(SMApplication.UsesExternalAuthenticationKey))
{
String userIDFromExternalAuthentication = context().request().headerForKey(
SMApplication.appProperties().propertyForKey(SMApplication.ExternalAuthenticationUserHeaderKey));
if (! StringAdditions.isEmpty(userIDFromExternalAuthentication))
{
userIDFromExternalAuthentication = User.canonicalUserID(userIDFromExternalAuthentication);
Chuck
>
> (Since windows domains are really kerberos, you could also use kerberos authentication, you would need a HTTP/hostname principal created on the windows kerberos server. There are mails about in on the archives)
>
> HG
--
Chuck Hill Senior Consultant / VP Development
Practical WebObjects - for developers who want to increase their overall knowledge of WebObjects or who are trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden