Fog Creek Software
Discussion Board




single sign on solution

Anybody know of any single sign on solution which is -
1. relatively easy to deploy
2. Logs you into the web app once you log onto the OS, probably authenticating using active directory
3. Works in a Tomcat/XP environment

Anon
Monday, July 05, 2004

You can do this using jCIFS in conjunction with a bit of custom code, see this link:

http://jcifs.samba.org/src/docs/httpclient.html

Gerald
Monday, July 05, 2004

Just don't buy Tivoli Anything.

IBM Suck
Monday, July 05, 2004

We have implemented a Single Sign On solution using Kerberos authentication protocol.

This Single Sign On is across a no of client server applications(>50) mostly internal applications and web applications which are both internal and used by the customers.
Before implementing this, all the authentication used to be done against a oracle database. Now, we still have the oracle as a backup authentication besides the kerberos KDC's and there is a real time synching mechanism to keep the data in both KDC's and database same.

The advantage with Kerberos, i found was, besides being a very secure mechanism, it is very fast.

mrc
Monday, July 05, 2004

I once wrote a JAAS module that hit up against Active Directory with standard LDAP.  After authentication, it queried for all the NT groups the user belonged to, and used that the user's role list.  It worked quite well for the company's intranet web apps consumed from Win2K and XP workstations.

Joe
Tuesday, July 06, 2004

Joe, can you give me a few details on how you managed to do it?

Anon
Tuesday, July 06, 2004

Anon, unfortunately the specifics of it have long passed out of my recollection (as I'm no longer w/ that company and have switched to .NET), but I think I still have the code around somewhere.  Let me dig for it tonight and get back to you.

Joe
Tuesday, July 06, 2004

*  Recent Topics

*  Fog Creek Home