Arka Mallick

Reputation: 1316

Active directory service setup

I am new to Active Directory programming. I need to set up a service which only an authenticated Active Directory user can use. I have been reading the MSDN docs. My idea of the whole setup is as follows now:

  1. I have added my PC to the AD domain and I have created the user (both manually).
  2. I wrote a simple REST service which returns "Hello world" on a GET call. I have read about "service publication" at https://learn.microsoft.com/en-us/windows/desktop/ad/publishing-with-service-connection-points. Though I do not know right now how I can register my REST service as an Active Directory object. Any example/lead in that direction would be helpful.
  3. What I finally want to do is similar to https://learn.microsoft.com/en-us/windows/desktop/ad/mutual-authentication-using-kerberos:

a client application uses a service instance's service connection point (SCP) object in Active Directory Domain Services to retrieve data from which to compose an SPN for the service.

So my main question is: is it possible to register a web service like my example as an Active Directory "domain enabled" service?

If you need more details on the context, please let me know. If this question is too easy for you, then I apologize in advance; I have been looking around for some days by now, and it is still not clear to me yet :(

Upvotes: 1

Views: 301

Answers (1)

bazeusz

Reputation: 614

You have at least 2 options:

  • As you have a Java service, it's served from some Java HTTP server, be it Jetty, Tomcat, Netty or whatever else. Configure your HTTP server to authenticate/authorize against the Windows domain using Kerberos or NTLM or both, depending on the MS environment you work in. Depending on the HTTP server you use, you can find some server-specific integration how-tos, e.g. https://tomcat.apache.org/tomcat-8.0-doc/windows-auth-howto.html, or check the general Java how-tos, e.g. https://docs.oracle.com/javase/10/security/single-sign-using-kerberos-java1.htm
  • Or you can use an existing (if it's there, of course) IIS as a proxy for your service and configure authentication/authorization there, as it has the necessary integrations OOTB.

In both cases you will need to deal with an AD account for your service/HTTP server, an SPN (e.g. HTTP/yourservice.com) bound to this account, and a keytab.

The rest depends on the level of integration you want to achieve.

Hope it helps.

Upvotes: 1
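The three AD-side pieces the answer lists (a dedicated AD account, an SPN bound to it, and a keytab for the HTTP server), as an added PowerShell example that is not part of the question or the answer. It assumes a domain-joined admin host with the ActiveDirectory RSAT module, setspn.exe and ktpass.exe available; the domain, host, account and file names are assumptions to be replaced with your own.

```powershell
# Added example, not from the question or the answer. Every name below is an assumption.
$Domain      = 'corp.example.com'                # assumed AD DNS domain
$Realm       = $Domain.ToUpper()                 # Kerberos realm = domain name in upper case
$ServiceHost = 'yourservice.corp.example.com'    # FQDN clients will use in the URL
$SvcAccount  = 'svc-hello-rest'                  # assumed sAMAccountName of the service account
$Spn         = "HTTP/$ServiceHost"               # SPN a browser/Java client composes for an HTTP service
$KeytabPath  = 'C:\keytabs\hello-rest.keytab'    # assumed output path for the keytab

Import-Module ActiveDirectory

# 1. Dedicated AD account for the service (the answer's "AD account for your service").
#    Running the service under its own account keeps the Kerberos key separate from any
#    user's credentials and lets you audit logons for this SPN on their own.
$Password = Read-Host -AsSecureString -Prompt "Password for $SvcAccount"
New-ADUser -Name $SvcAccount -SamAccountName $SvcAccount `
    -UserPrincipalName "$SvcAccount@$Domain" `
    -AccountPassword $Password -Enabled $true `
    -PasswordNeverExpires $true -CannotChangePassword $true `
    -KerberosEncryptionType AES256

# 2. Check the SPN is not already registered to another account, then bind it.
#    A duplicate SPN means the KDC cannot tell which account's key to use for the
#    service ticket, so clients fail to authenticate; this check catches that first.
$existing = setspn -Q $Spn
if ($existing -match 'Existing SPN found') {
    throw "SPN $Spn is already registered:`n$($existing -join "`n")"
}
setspn -S $Spn $SvcAccount     # -S also refuses to add a duplicate SPN
setspn -L $SvcAccount          # list the SPNs now bound to the account

# 3. Keytab for the HTTP server. Tomcat/Jetty/Java GSS read the long-term key from
#    this file instead of knowing the account password. ktpass with /mapuser sets the
#    account password to the value given at the /pass * prompt (use the one from step 1),
#    so run it once and do not reuse the keytab after a password change.
ktpass /princ "$Spn@$Realm" /mapuser "$SvcAccount@$Domain" `
       /pass * /ptype KRB5_NT_PRINCIPAL /crypto AES256-SHA1 /out $KeytabPath

# The keytab is equivalent to the account password: strip inherited ACLs and grant
# read access only to the identity the HTTP server actually runs as (assumed here
# to be the service account itself).
icacls $KeytabPath /inheritance:r /grant:r "BUILTIN\Administrators:(F)" "$env:USERDOMAIN\$SvcAccount:(R)"
```

After this, the Java side only needs the keytab path and the principal `HTTP/yourservice.corp.example.com@CORP.EXAMPLE.COM` in its JAAS/GSS configuration (see the Tomcat how-to the answer links). If clients reach the service through a DNS alias, register that name as an additional SPN on the same account, since the client composes the SPN from the host name it connected to.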
