A common request from our customers is that they want different kinds of authentication depending on from where the user connects.
Imagine the following scenario:
A typical web application, JAAS authentication.
Apache (or some other web server) fronting the J2EE server. One web server serving the Intranet and another serving the internet. Clients connecting from the Intranet authenticate using, say LDAP. Clients connecting from the Internet authenticate using some kind of certificate. (Doesn't really matter. All I want is different authentication mechanisms depending on from where the client connects.)
How about these?
1. Have a separate URL for internal and another for external
2. Have a checkbox in the login screen saying that, connecting from internal for the first time and set a cookie on the machine for future logins.
You mean that the client would decide how to authenticate (based on the cookie value)? That would not work well with laptops that may connect from either the Intranet or the Internet...
Get their IP address after the credentials have been entered. If it starts with an Intranet IP adress use LDAP.