Spring Security Single Sign On in Windows Environment

12,860

Check out WAFFLE.

WAFFLE is a native Windows Authentication Framework consisting of two C# and Java libraries that perform functions related to Windows authentication, supporting Negotiate, NTLM and Kerberos. Waffle also includes libraries that enable drop-in Windows Single Sign On for popular Java web servers, when running on Windows.

It has a tutorial for using it with Spring Security.
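As an added illustration (not code from this answer or from the WAFFLE project itself), this is the shape of the Spring Security XML wiring that WAFFLE's Spring integration documents: a Negotiate filter backed by the host's native Windows authentication provider, plus an entry point that issues the 401 "WWW-Authenticate: Negotiate" challenge. Bean ids, the `/**` URL pattern and the optional Basic fallback are assumptions; because `WindowsAuthProviderImpl` talks to SSPI on the local machine, this only works when the web application itself runs on a domain-joined Windows host.

```xml
<!-- Added example: Spring Security + WAFFLE wiring (bean ids and URL pattern are assumptions). -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
                           http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- Native Windows auth provider: uses SSPI on the host, so the web app must run on Windows. -->
  <bean id="waffleWindowsAuthProvider" class="waffle.windows.auth.impl.WindowsAuthProviderImpl" />

  <!-- Negotiate (Kerberos, falling back to NTLM) is handled by the host's SSPI; no keytab or ktpass needed. -->
  <bean id="negotiateSecurityFilterProvider" class="waffle.servlet.spi.NegotiateSecurityFilterProvider">
    <constructor-arg ref="waffleWindowsAuthProvider" />
  </bean>

  <!-- Optional Basic fallback for non-domain clients; credentials travel in the header, so HTTPS only. -->
  <bean id="basicSecurityFilterProvider" class="waffle.servlet.spi.BasicSecurityFilterProvider">
    <constructor-arg ref="waffleWindowsAuthProvider" />
  </bean>

  <bean id="waffleSecurityFilterProviderCollection" class="waffle.servlet.spi.SecurityFilterProviderCollection">
    <constructor-arg>
      <list>
        <ref bean="negotiateSecurityFilterProvider" />
        <ref bean="basicSecurityFilterProvider" />
      </list>
    </constructor-arg>
  </bean>

  <!-- Entry point sends the 401 with "WWW-Authenticate: Negotiate" that starts SSO. -->
  <bean id="negotiateSecurityFilterEntryPoint" class="waffle.spring.NegotiateSecurityFilterEntryPoint">
    <property name="SecurityFilterProviders" ref="waffleSecurityFilterProviderCollection" />
  </bean>

  <!-- Filter that completes the token exchange and populates the Spring SecurityContext. -->
  <bean id="waffleNegotiateSecurityFilter" class="waffle.spring.NegotiateSecurityFilter">
    <property name="SecurityFilterProviders" ref="waffleSecurityFilterProviderCollection" />
  </bean>

  <sec:http entry-point-ref="negotiateSecurityFilterEntryPoint" use-expressions="true">
    <sec:intercept-url pattern="/**" access="isAuthenticated()" />
    <sec:custom-filter ref="waffleNegotiateSecurityFilter" position="BASIC_AUTH_FILTER" />
  </sec:http>

  <!-- WAFFLE's filter authenticates on its own; Spring's namespace still requires this element. -->
  <sec:authentication-manager alias="authenticationProvider" />
</beans>
```

Drop the `basicSecurityFilterProvider` bean and its `<ref>` if every client is expected to be domain-joined, so that no password-bearing fallback is ever offered.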

Author by Raevik

Updated on June 04, 2022

Comments

  • Raevik almost 2 years

    I have a feeling I've stumbled into a technical black hole. There have been many questions and not many (recent) answers out there.

    Short summary:

    I have a Windows environment operating with a domain controller and Active Directory implementation (soon to be operating with Quest's Authentication Services). I have a series of Spring-based web applications I want to deploy to this environment and we need them to operate seamlessly with Single Sign-On using the domain credentials.

    It looked like the answer was this:

    http://blog.springsource.org/2009/09/28/spring-security-kerberos/

    I was informed by some of the local AD admins, though, that ktpass was an unsafe (principals and keys stored in a plain-text file) and outdated solution. Given the blog linked above is 3 years old, it was tough to argue.

    Then I came across this:

    http://forum.springsource.org/showthread.php?134465-JDK-7-0-and-Spnego-Extension-don-t-work!

    Posted just a week or so ago, it looks like recent efforts to integrate SPNEGO extensions have shown that it's incompatible with JDK 7 and no longer supported!

    It seems like this would be a common thing for people to want to do. I'm surprised that, with a framework as widespread as Spring, there's not a simple way to achieve this. Is there another approach I haven't found in the documentation?

    Thanks for any insights or suggestions.

  • David Victor over 9 years
    Keep in mind the words here ".. when running on Windows.." - WAFFLE depends on native Windows libraries on the box your webapp may be running on, so it will fail at runtime on non-Wintel servers. It may seem obvious but it caught me out. It worked fine on my Win7 dev environment but bombed when deployed to our Linux VMs. Doh.