Vintela has released Vintela Single Sign-on for Java (VSJ) 3, a tool which integrates J2EE servers with Microsoft Active Directory, allowing users to authenticate to the Java applications they require with the same Active Directory username and password they use in the Windows world, using Kerberos.
- Posted by: Floyd Marinescu
- Posted on: March 15 2005 12:00 EST
VSJ usees the Windows Integrated Authentication mechanism to
provide strong Kerberos single sign-on authentication between users and applications.
When integrated with a related product (Vintela Authentication Services) VSJ can extend the same Kerberos credential to Unix and Linux environments as well.
Check out Vintela Identity Integration for J2EE Environments.
I recently looked into implementing an AD (used as Kerberos) SSO solution with Java, and it seems that these guys (now that they have wedgetail) are the only choice. While I'm not absolutely opposed to paying money for good software, I am opposed to encouraging a monopoly.
Plus, this is Kerberos - if you can't get OSS for such a well established open standard what hope is there?
Does anyone know of Java apis for absolutely plain (raw ticket) Win/AD/Kerberos SSO operation - ie get service ticket on client (easy enough to get TGT, but then what), verify ticket on server.
(the protocol is message based [web services] so GSSAPI is completely useless)
No Kerberos support that I have seen, but a FOSS project that offers transparent NTLM over HTTP for web applications:
Although JCIFS offers seamless SSO solution for (IE browsers + Windows OS Desktop) using AD or NT domains for auth, it only does that using NTLM v1, something that leverages NetBIOS and not native DDNS or ADSI (Active Directory Services Interface).
As MS and windows continue there reliance on DNS and Kerberos for authentication, and as they move away from NetBIOS the NTLM v1 will be thing of past and will not be supported on most of the enterprise networks for Windows AD SSO...