Reputation: 6707

How to configure Tomcat to use Windows NTLM authentication?

I would like to use NTLM authentication with Tomcat so that Iexplorer send automatically both the user id+pwd to webapp. Is this possible?

With "BASIC" authentication IE pops up the usual pwd dialog but I want to skip this dialog. ( Note, I use JNDIReal/ldap)

Upvotes: 11

Answers (6)

Reputation: 4770

Yes, it's now possible with Waffle Tomcat Authenticator that supports Negotiate (NTLM v1, v2, etc., and Kerberos).

Waffle works on windows server only

Upvotes: 10

Reputation: 7290

I have used JCIFS, Waffle and IIS side by side.

JCIFS does not support NTLM v2, sometimes prompts users
Waffle support NTLM v2, but sometimes prompts user
IIS is the only solutio where promptless NTLM authentication works 100% of the time

Upvotes: 1

Reputation: 20041

You may want to check out UnboundID's LDAP solution www.unboundid.com/products/ldapsdk/ Haven't tried it yet but seems like a compromise.

Here is a quick comparison between UnboundID SDK, JNDI and Netscape SDK: www.unboundid.com/products/ldap-sdk/docs/advantages/comparison.php . It may be biased since it's on unbound's website but hey, gives you a good idea why you might consider it.

Upvotes: 2

Reputation: 63395

people from the JCIFS project (the one reerenced in mkoller's answer) says that the solution they provide is not compatible with NTLMv2...

you should check http://www.ioplex.com/jespa.html, which is not free...

Upvotes: 1

Reputation: 1742

Alternatively, if you're on a Windows server, you can have IIS do the authentication and redirect requests to Tomcat. Here's the documentation: http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html

Upvotes: 2

Reputation: 4477

Yes it is. The Tomcat Wiki references a documentation about Samba code that enables Tomcat to do NTLM authentication.

The Samba community implemented a Servlet filter that allows to athenticate users agains a domain controller.

Upvotes: 4