-
Notifications
You must be signed in to change notification settings - Fork 185
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSPI-backed JAAS LoginModule #773
Comments
Waffle jna module itself can be password less based on configuration. Does that not solve your need?
Get Outlook for Android<https://aka.ms/ghei36>
…________________________________
From: cebaa <[email protected]>
Sent: Sunday, September 8, 2019 9:14:15 AM
To: Waffle/waffle <[email protected]>
Cc: Subscribed <[email protected]>
Subject: [Waffle/waffle] SSPI-backed JAAS LoginModule (#773)
The JAAS LoginModue that is currently provided does not use SSPI, only username and password. My impression is that the end goal of majority of the users using Waffle is a complete SSO, without the need to supply username and password. It would be good to have such a module implemented into Waffle.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<#773?email_source=notifications&email_token=AAHODI5EHZQ6PTYPSMBZ5HDQIT3CPA5CNFSM4IUTM4ZKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HKAJOQQ>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AAHODI5HWADHL7SYOAOGNXLQIT3CPANCNFSM4IUTM4ZA>.
|
@hazendaz I might have missed the docs on this - do you have any pointers I can look at? In case you are talking about WindowsAuthProviderImpl, is there a way to plug that in into WindowsLoginModule somehow? |
I wrote the JAAS module as a demo, mostly because I could and because that's how we originally tried to do Windows auth. We used to have code that checked whether a username/password was valid, then tried to enumerate user groups in Active Directory. https://code.dblock.org/2010/05/24/windowsactive-directory-authentication-tomcat-jaas-w-waffle.html This is actually a simple demonstration (as opposed to the Single Sign-On Negotiate/NTLM/Kerberos valve) of Waffle and is how we originally used it. |
Also I am pretty sure I tried to make a JAAS module that did SSO and failed. I don't remember why, but I suspect this is because it doesn't allow for any 2-step exchange, or a session or something like that, which is required for any successful SSO on Windows. |
The JAAS LoginModue that is currently provided does not use SSPI, only username and password. My impression is that the end goal of majority of the users using Waffle is a complete SSO, without the need to supply username and password. It would be good to have such a module implemented into Waffle.
The text was updated successfully, but these errors were encountered: