Integrated Windows Authentication

classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

Integrated Windows Authentication

swirl
Hi,
I am trying to sell Grails as a framework for developing applications in my company.

But one roadblock is that we require users of all web applications to be authenticated against the windows Domain Controller automatically, ie, no need to enter username/password as long as they are logged into their WindowsXP machine.

This is what users are used to after scores of ASP.NET apps hosted on IIS.


How can I get the same user experience on Grails application (as far as authentication is concerned)?


FYI, we also uses 2FA using smartcard USB tokens.

Thanks in advance.
Reply | Threaded
Open this post in threaded view
|

Re: Integrated Windows Authentication

mmornati
Hi,

take a look to Kerberos Authentication. In fact Windows Active Directory
Tech is a mix from Kerberos and LDAP Authentication and, if your browser
support this type of authetication (you have to get parameters needed
for authentication directly from System) you are able to make a login
inside your application doing nothing.

I don't know if acegi plugin already have this features inside, but I'm
doing the some type of authetication inside my application. So if you
need more helps just contact me.

My idea is to create a new plugin that help programmer creating
application with "auto-authetication".

Bye
Marco

swirl wrote:

> Hi,
> I am trying to sell Grails as a framework for developing applications in my
> company.
>
> But one roadblock is that we require users of all web applications to be
> authenticated against the windows Domain Controller automatically, ie, no
> need to enter username/password as long as they are logged into their
> WindowsXP machine.
>
> This is what users are used to after scores of ASP.NET apps hosted on IIS.
>
>
> How can I get the same user experience on Grails application (as far as
> authentication is concerned)?
>
>
> FYI, we also uses 2FA using smartcard USB tokens.
>
> Thanks in advance.
>  


--
Dott. Ing. Mornati Marco
Byte-Code s.r.l
via Antonio Cechov, 1
San Giuliano Milanese (MI)
E-Mail: [hidden email]



---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Integrated Windows Authentication

Wilson MacGyver
I too am trying to figure out a way to do this using grails. The
solution you have
sounds interesting. Does it work with Firefox also? or only IE?

On Wed, Jun 11, 2008 at 1:04 AM, Marco Mornati <[hidden email]> wrote:

> Hi,
>
> take a look to Kerberos Authentication. In fact Windows Active Directory
> Tech is a mix from Kerberos and LDAP Authentication and, if your browser
> support this type of authetication (you have to get parameters needed for
> authentication directly from System) you are able to make a login inside
> your application doing nothing.
>
> I don't know if acegi plugin already have this features inside, but I'm
> doing the some type of authetication inside my application. So if you need
> more helps just contact me.
>
> My idea is to create a new plugin that help programmer creating application
> with "auto-authetication".
>
> Bye
> Marco
>
> swirl wrote:
>>
>> Hi,
>> I am trying to sell Grails as a framework for developing applications in
>> my
>> company.
>> But one roadblock is that we require users of all web applications to be
>> authenticated against the windows Domain Controller automatically, ie, no
>> need to enter username/password as long as they are logged into their
>> WindowsXP machine.
>>
>> This is what users are used to after scores of ASP.NET apps hosted on IIS.
>>
>>
>> How can I get the same user experience on Grails application (as far as
>> authentication is concerned)?
>>
>>
>> FYI, we also uses 2FA using smartcard USB tokens.
>>
>> Thanks in advance.
>>
>
>
> --
> Dott. Ing. Mornati Marco
> Byte-Code s.r.l
> via Antonio Cechov, 1
> San Giuliano Milanese (MI)
> E-Mail: [hidden email]
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>   http://xircles.codehaus.org/manage_email
>
>
>



--
Omnem crede diem tibi diluxisse supremum.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Integrated Windows Authentication

mmornati
Sure... now it works with all major browser! ;)

Wilson MacGyver wrote:

> I too am trying to figure out a way to do this using grails. The
> solution you have
> sounds interesting. Does it work with Firefox also? or only IE?
>
> On Wed, Jun 11, 2008 at 1:04 AM, Marco Mornati <[hidden email]> wrote:
>  
>> Hi,
>>
>> take a look to Kerberos Authentication. In fact Windows Active Directory
>> Tech is a mix from Kerberos and LDAP Authentication and, if your browser
>> support this type of authetication (you have to get parameters needed for
>> authentication directly from System) you are able to make a login inside
>> your application doing nothing.
>>
>> I don't know if acegi plugin already have this features inside, but I'm
>> doing the some type of authetication inside my application. So if you need
>> more helps just contact me.
>>
>> My idea is to create a new plugin that help programmer creating application
>> with "auto-authetication".
>>
>> Bye
>> Marco
>>
>> swirl wrote:
>>    
>>> Hi,
>>> I am trying to sell Grails as a framework for developing applications in
>>> my
>>> company.
>>> But one roadblock is that we require users of all web applications to be
>>> authenticated against the windows Domain Controller automatically, ie, no
>>> need to enter username/password as long as they are logged into their
>>> WindowsXP machine.
>>>
>>> This is what users are used to after scores of ASP.NET apps hosted on IIS.
>>>
>>>
>>> How can I get the same user experience on Grails application (as far as
>>> authentication is concerned)?
>>>
>>>
>>> FYI, we also uses 2FA using smartcard USB tokens.
>>>
>>> Thanks in advance.
>>>
>>>      
>> --
>> Dott. Ing. Mornati Marco
>> Byte-Code s.r.l
>> via Antonio Cechov, 1
>> San Giuliano Milanese (MI)
>> E-Mail: [hidden email]
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this list, please visit:
>>
>>   http://xircles.codehaus.org/manage_email
>>
>>
>>
>>    
>
>
>
>  


--
Dott. Ing. Mornati Marco
Byte-Code s.r.l
via Antonio Cechov, 1
San Giuliano Milanese (MI)
E-Mail: [hidden email]



---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

AW: Integrated Windows Authentication

Attermeyer, Richard
In reply to this post by swirl
Hi,

this should actually be not a big deal.
We have something in place for years based on NTLM authentication. If your infrastructure is not so weired than ours, it is possible to use jcifs directly.

Depending on the JDK version you are running, you really might also consider Kerberos authentication, although this requires a bit more work, e.g. getting a key for your app/appserver from your Windows admin.
The protocol is also a bit more complex to understand.

JDK version matters as standard hash functions used by ActiveDirectory are only supported from 1.5.0_07 if I remember correctly. This was a showstopper for us for a long time to move to Kerberos authentication.
See http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/jgss-features.html for reference.


Best Regards,
Richard

-----Urspr√ľngliche Nachricht-----
Von: swirl [mailto:[hidden email]]
Gesendet: Mittwoch, 11. Juni 2008 06:21
An: [hidden email]
Betreff: [grails-user] Integrated Windows Authentication


Hi,
I am trying to sell Grails as a framework for developing applications in my
company.

But one roadblock is that we require users of all web applications to be
authenticated against the windows Domain Controller automatically, ie, no
need to enter username/password as long as they are logged into their
WindowsXP machine.

This is what users are used to after scores of ASP.NET apps hosted on IIS.


How can I get the same user experience on Grails application (as far as
authentication is concerned)?


FYI, we also uses 2FA using smartcard USB tokens.

Thanks in advance.
--
View this message in context: http://www.nabble.com/Integrated-Windows-Authentication-tp17769794p17769794.html
Sent from the grails - user mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email



---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Integrated Windows Authentication

swirl
In reply to this post by swirl
Thanks for the replies.

I think I probably need to do a POC on users accesing Grails without passwords entering first.
Will proceed to using Kerberos when I get the green light.


i have heard of both JCIFS and Acegi. Which one should I use?




swirl wrote
Hi,
I am trying to sell Grails as a framework for developing applications in my company.

But one roadblock is that we require users of all web applications to be authenticated against the windows Domain Controller automatically, ie, no need to enter username/password as long as they are logged into their WindowsXP machine.

This is what users are used to after scores of ASP.NET apps hosted on IIS.


How can I get the same user experience on Grails application (as far as authentication is concerned)?


FYI, we also uses 2FA using smartcard USB tokens.

Thanks in advance.
Reply | Threaded
Open this post in threaded view
|

RE: Integrated Windows Authentication

LWexler
We use JCIFS and I can definitely recommend it.

All you have to do is:

+ Add the jcifs jar to your project.
+ Add an appropriate filter to templates/war/web.xml
  (see grails docs for how to expose this template)
+ read the user name from the ServletRequest's "userPrincipal" property.


The JCIFS documentation is a little obscure, however.


Best,

Lee

-----Original Message-----
From: swirl [mailto:[hidden email]]
Sent: Wednesday, June 11, 2008 5:05 AM
To: [hidden email]
Subject: Re: [grails-user] Integrated Windows Authentication


Thanks for the replies.

I think I probably need to do a POC on users accesing Grails without
passwords entering first.
Will proceed to using Kerberos when I get the green light.


i have heard of both JCIFS and Acegi. Which one should I use?





swirl wrote:
>
> Hi,
> I am trying to sell Grails as a framework for developing applications
> in my company.
>
> But one roadblock is that we require users of all web applications to
> be authenticated against the windows Domain Controller automatically,
> ie, no need to enter username/password as long as they are logged into

> their WindowsXP machine.
>
> This is what users are used to after scores of ASP.NET apps hosted on
IIS.

>
>
> How can I get the same user experience on Grails application (as far
> as authentication is concerned)?
>
>
> FYI, we also uses 2FA using smartcard USB tokens.
>
> Thanks in advance.
>

--
View this message in context:
http://www.nabble.com/Integrated-Windows-Authentication-tp17769794p17773
211.html
Sent from the grails - user mailing list archive at Nabble.com.


---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


--
_________________________________________________________
This communication is intended only for the addressee(s) and may contain confidential information. We do not waive any confidentiality by misdelivery. If you receive this communication in error, any use, dissemination, printing or copying is strictly prohibited; please destroy all electronic and paper copies and notify the sender immediately.

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Integrated Windows Authentication

Joachim Hergeth
In reply to this post by mmornati
Hi,
I also am VERY much interested in single-sign-on authentication to
ActiveDirectory. I would like to use this in an pure MS environment
Intranet-site.

I tried several times to get SSO running with tomcat, but never
succeded. Currently I use Apache SPENGO auth. + LDAP under PHP, but I
really would love to use Grails.

So if you have something to test, I could help.

With regards
Joachim Hergeth

Marco Mornati schrieb:

> Sure... now it works with all major browser! ;)
>
> Wilson MacGyver wrote:
>> I too am trying to figure out a way to do this using grails. The
>> solution you have
>> sounds interesting. Does it work with Firefox also? or only IE?
>>
>> On Wed, Jun 11, 2008 at 1:04 AM, Marco Mornati
>> <[hidden email]> wrote:
>>  
>>> Hi,
>>>
>>> take a look to Kerberos Authentication. In fact Windows Active
>>> Directory
>>> Tech is a mix from Kerberos and LDAP Authentication and, if your
>>> browser
>>> support this type of authetication (you have to get parameters
>>> needed for
>>> authentication directly from System) you are able to make a login
>>> inside
>>> your application doing nothing.
>>>
>>> I don't know if acegi plugin already have this features inside, but I'm
>>> doing the some type of authetication inside my application. So if
>>> you need
>>> more helps just contact me.
>>>
>>> My idea is to create a new plugin that help programmer creating
>>> application
>>> with "auto-authetication".
>>>
>>> Bye
>>> Marco
>>>
>>> swirl wrote:
>>>    
>>>> Hi,
>>>> I am trying to sell Grails as a framework for developing
>>>> applications in
>>>> my
>>>> company.
>>>> But one roadblock is that we require users of all web applications
>>>> to be
>>>> authenticated against the windows Domain Controller automatically,
>>>> ie, no
>>>> need to enter username/password as long as they are logged into their
>>>> WindowsXP machine.
>>>>
>>>> This is what users are used to after scores of ASP.NET apps hosted
>>>> on IIS.
>>>>
>>>>
>>>> How can I get the same user experience on Grails application (as
>>>> far as
>>>> authentication is concerned)?
>>>>
>>>>
>>>> FYI, we also uses 2FA using smartcard USB tokens.
>>>>
>>>> Thanks in advance.
>>>>
>>>>      
>>> --
>>> Dott. Ing. Mornati Marco
>>> Byte-Code s.r.l
>>> via Antonio Cechov, 1
>>> San Giuliano Milanese (MI)
>>> E-Mail: [hidden email]
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe from this list, please visit:
>>>
>>>   http://xircles.codehaus.org/manage_email
>>>
>>>
>>>
>>>    
>>
>>
>>
>>  
>
>

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Integrated Windows Authentication

swirl
In reply to this post by swirl
Thanks to all who have helped in this question.
I have successfully make my Grails application authenticate with a Windows domain without having the user explicitly logging on to the application.

To help others, you can look at this wiki that I found (translate it from German to read, but rememeber to copy the codes in the original web page): http://www.groovy-forum.de/wiki/Wiki.jsp?page=Windows-Authentifizierung%20nutzen 

Note that the wiki does not authenticate to a domain controller, you need to change the web.xml to add in an additional section for the filter: jcifs.http.domainController (see JCIFS doc for the full xml syntax)

Let me know if you need more help..

Thanks!

swirl wrote
Hi,
I am trying to sell Grails as a framework for developing applications in my company.

But one roadblock is that we require users of all web applications to be authenticated against the windows Domain Controller automatically, ie, no need to enter username/password as long as they are logged into their WindowsXP machine.

This is what users are used to after scores of ASP.NET apps hosted on IIS.


How can I get the same user experience on Grails application (as far as authentication is concerned)?


FYI, we also uses 2FA using smartcard USB tokens.

Thanks in advance.
Reply | Threaded
Open this post in threaded view
|

Re: Integrated Windows Authentication

Andre Pietsch
In reply to this post by swirl
Hi!
I released an application using the Acegi Plugin. Acegi provides LDAP authentication and it works stable and good.

You should check out the plugin page.

Once you have read and worked through the tutorial you are on the safer side to have this part of your app left to a plugin than having to maintain it yourself.

It's up to you, though :)

My application is running at a customers site authenticating all 30 users against a Windows 2000 Active Directory (having 10000+ users). Running stable and good, so far.

Regards,
Andre

swirl wrote
Hi,
I am trying to sell Grails as a framework for developing applications in my company.

But one roadblock is that we require users of all web applications to be authenticated against the windows Domain Controller automatically, ie, no need to enter username/password as long as they are logged into their WindowsXP machine.

This is what users are used to after scores of ASP.NET apps hosted on IIS.


How can I get the same user experience on Grails application (as far as authentication is concerned)?


FYI, we also uses 2FA using smartcard USB tokens.

Thanks in advance.
Reply | Threaded
Open this post in threaded view
|

Re: Integrated Windows Authentication

swirl
Thanks scai_andre,

Does your users need to enter any username/passwords to enter the Grails application (assume that they are already logged on to Windows itself)?



scai_andre wrote
Hi!
I released an application using the Acegi Plugin. Acegi provides LDAP authentication and it works stable and good.

You should check out the plugin page.

Once you have read and worked through the tutorial you are on the safer side to have this part of your app left to a plugin than having to maintain it yourself.

It's up to you, though :)

My application is running at a customers site authenticating all 30 users against a Windows 2000 Active Directory (having 10000+ users). Running stable and good, so far.

Regards,
Andre

swirl wrote
Hi,
I am trying to sell Grails as a framework for developing applications in my company.

But one roadblock is that we require users of all web applications to be authenticated against the windows Domain Controller automatically, ie, no need to enter username/password as long as they are logged into their WindowsXP machine.

This is what users are used to after scores of ASP.NET apps hosted on IIS.


How can I get the same user experience on Grails application (as far as authentication is concerned)?


FYI, we also uses 2FA using smartcard USB tokens.

Thanks in advance.
Reply | Threaded
Open this post in threaded view
|

Re: Integrated Windows Authentication

Andre Pietsch
Ok,
*cough, cough* took the time to read your post more thoroughly now :)

Yes, they do need to enter their logon information again and I realize this is not what you want :(

sorry for causing confusion...

swirl wrote
Thanks scai_andre,

Does your users need to enter any username/passwords to enter the Grails application (assume that they are already logged on to Windows itself)?



scai_andre wrote
Hi!
I released an application using the Acegi Plugin. Acegi provides LDAP authentication and it works stable and good.

You should check out the plugin page.

Once you have read and worked through the tutorial you are on the safer side to have this part of your app left to a plugin than having to maintain it yourself.

It's up to you, though :)

My application is running at a customers site authenticating all 30 users against a Windows 2000 Active Directory (having 10000+ users). Running stable and good, so far.

Regards,
Andre

swirl wrote
Hi,
I am trying to sell Grails as a framework for developing applications in my company.

But one roadblock is that we require users of all web applications to be authenticated against the windows Domain Controller automatically, ie, no need to enter username/password as long as they are logged into their WindowsXP machine.

This is what users are used to after scores of ASP.NET apps hosted on IIS.


How can I get the same user experience on Grails application (as far as authentication is concerned)?


FYI, we also uses 2FA using smartcard USB tokens.

Thanks in advance.
Reply | Threaded
Open this post in threaded view
|

Re: Integrated Windows Authentication

snuneztt
In reply to this post by swirl
I need examples the forum is not availabe now, please show me how do you do this.

Thanks a lot