Arkin Günyar - 4 months ago
Java Question

Java SSO with Wildfly 8, Java 1.8.0_45 and Active Directory

I have searched a lot about this topic but can't find a solution.

Short description of the requirements:


  • SSO on a WebApp under Wildfly 8.2

  • Authenticate the Windows User to the Active Directory

  • Fallback to Login Form, when SSO fails

  • Running in a Domain Configuration of Wildfly



Environment:


  • Microsoft AD Windows Server 2012 R2 (1. Machine)

  • Microsoft Server 2012 R2 with Wildfly 8.2 (2. Machine)

  • The 2. Machine has joined the Domain



What I tried so far: I bound the AD and the Wildfly Server via ktpass, kinit, ... it works!


  1. Tried following:
    github.com/dstraub/spnego-wildfly

    Is NOT working, due to the fact that there is no fallback (form based) and a problem with the Java version 1.8.0_45
    sourceforge.net/p/spnego/discussion/1003769/thread/700b6941/#cb84.

  2. Tried next:
    github.com/kwart/spnego-demo

    Also not working, it seems the Wildfly 8.2 has a different behavior.

  3. WAFFLE Library:
    Cannot get that to work under Wildfly; good support for Tomcat but not more.



Does someone have experience with this configuration and have a solution for it?

Answer

Here is the explanation:

  1. I've created a webapp with following libraries included:

    • guava-18.0.jar
    • jna-4.1.0.jar
    • jna-platform-4.1.0.jar
    • slf4j-api-1.7.12.jar
    • waffle-jna-1.7.4.jar
  2. I've declared the Webfilter in the web.xml:

<filter>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
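  3. After that you can read the user from the HttpServletRequest:

// needs: import java.security.Principal; import java.util.Enumeration;
public String getUserName() {
    // Debug only: this dump includes the Authorization header (the Negotiate/NTLM token).
    Enumeration<String> headerNames = servletRequest.getHeaderNames();
    while (headerNames.hasMoreElements()) {
        String headerName = headerNames.nextElement();
        String headerValue = servletRequest.getHeader(headerName);
        System.out.println("Header Name:" + headerName + " " + headerValue);
    }
    // getUserPrincipal() returns null when the request was not authenticated.
    Principal principal = servletRequest.getUserPrincipal();
    return principal != null ? principal.getName() : null;
}

  4. Configuring your Browser for Single-SignOn: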

https://github.com/dblock/waffle/blob/master/Docs/ConfiguringBrowsers.md
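An added example, not part of the original answer: the same `SecurityFilter` declaration with Waffle's documented init-params set explicitly, so that guest logon is refused and a second provider is offered when Negotiate fails. The realm name `ExampleRealm` and the choice of values are assumptions; the fallback shown is a browser credential prompt (HTTP Basic validated against Windows), not an HTML login form.

```xml
<filter>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
    <!-- Waffle's default is true: if the Windows Guest account is enabled,
         a failed logon can succeed as Guest. Refuse it explicitly. -->
    <init-param>
        <param-name>allowGuestLogin</param-name>
        <param-value>false</param-value>
    </init-param>
    <!-- Format of getUserPrincipal().getName(); fqn yields DOMAIN\user -->
    <init-param>
        <param-name>principalFormat</param-name>
        <param-value>fqn</param-value>
    </init-param>
    <!-- Both providers are advertised to the client. Basic is the fallback
         for clients that cannot complete Negotiate; it sends the password
         base64-encoded on every request, so deploy it only behind HTTPS. -->
    <init-param>
        <param-name>securityFilterProviders</param-name>
        <param-value>
            waffle.servlet.spi.NegotiateSecurityFilterProvider
            waffle.servlet.spi.BasicSecurityFilterProvider
        </param-value>
    </init-param>
    <!-- Assumption: all SSO clients support the Negotiate scheme, so the
         bare NTLM scheme is not advertised. -->
    <init-param>
        <param-name>waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols</param-name>
        <param-value>Negotiate</param-value>
    </init-param>
    <!-- ExampleRealm is a placeholder shown in the browser's prompt -->
    <init-param>
        <param-name>waffle.servlet.spi.BasicSecurityFilterProvider/realm</param-name>
        <param-value>ExampleRealm</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
```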
