SSPI-backed JAAS LoginModule #773
Comments
|
Waffle jna module itself can be password less based on configuration. Does that not solve your need?
Get Outlook for Android<https://aka.ms/ghei36>
…________________________________
From: cebaa <[email protected]>
Sent: Sunday, September 8, 2019 9:14:15 AM
To: Waffle/waffle <[email protected]>
Cc: Subscribed <[email protected]>
Subject: [Waffle/waffle] SSPI-backed JAAS LoginModule (#773)
The JAAS LoginModue that is currently provided does not use SSPI, only username and password. My impression is that the end goal of majority of the users using Waffle is a complete SSO, without the need to supply username and password. It would be good to have such a module implemented into Waffle.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<#773?email_source=notifications&email_token=AAHODI5EHZQ6PTYPSMBZ5HDQIT3CPA5CNFSM4IUTM4ZKYY3PNVWWK3TUL52HS4DFUVEXG43VMWVGG33NNVSW45C7NFSM4HKAJOQQ>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AAHODI5HWADHL7SYOAOGNXLQIT3CPANCNFSM4IUTM4ZA>.
|
|
@hazendaz I might have missed the docs on this - do you have any pointers I can look at? In case you are talking about WindowsAuthProviderImpl, is there a way to plug that in into WindowsLoginModule somehow? |
|
I wrote the JAAS module as a demo, mostly because I could and because that's how we originally tried to do Windows auth. We used to have code that checked whether a username/password was valid, then tried to enumerate user groups in Active Directory. https://code.dblock.org/2010/05/24/windowsactive-directory-authentication-tomcat-jaas-w-waffle.html This is actually a simple demonstration (as opposed to the Single Sign-On Negotiate/NTLM/Kerberos valve) of Waffle and is how we originally used it. |
|
Also I am pretty sure I tried to make a JAAS module that did SSO and failed. I don't remember why, but I suspect this is because it doesn't allow for any 2-step exchange, or a session or something like that, which is required for any successful SSO on Windows. |
The JAAS LoginModue that is currently provided does not use SSPI, only username and password. My impression is that the end goal of majority of the users using Waffle is a complete SSO, without the need to supply username and password. It would be good to have such a module implemented into Waffle.
The text was updated successfully, but these errors were encountered: