21

I have a Spring-based web app on which I would like to implement a Single Sign-On solution.

The basic flow would be:

1) User logs in to Windows Workstation/Desktop PC (authenticating against organisation's Active Directory)

2) User opens browser and navigates to Spring Web App.

3) Spring Web App somehow confirms that the user is already authenticated against AD and seamlessly lets them in, i.e., no challenge for username and password. In fact, the Spring web app would NEVER show a login form.

Obviously it's step 3 I am having trouble with.

I have looked at Spring Security, Kerberos, SPNEGO but I think I've just confused myself.

If it makes a difference I am using Java 6, running on Jetty with Spring 3. The Jetty instance will be running on a *Nix machine.

Lawrence Tierney
  • I have written a custom component for that. It covers 100% of your case. Do you want to try that? – Michael-O Aug 02 '13 at 20:06
  • Yes, I would be interested to see that please. – Lawrence Tierney Aug 03 '13 at 11:08
  • Contact me through my SF.net mail address: http://sourceforge.net/u/michael-o/profile – Michael-O Aug 03 '13 at 17:30
  • What kind of comment is that? Do you want to share an answer or not? This is an open Q&A site, "contact me privately for an answer" has no room here. – kaqqao Apr 06 '15 at 18:31
  • I second kaqqao, Michael's comment is not a solution, just selling a product (even if he gives the code for free). @Michael-O could you share your solution with us without asking us to request it via any private way? – Gabor Garami Apr 07 '15 at 13:05
  • @GaborGarami, yes I can but I need to remove company-related code and POMs first. This is why I cannot disclose it right now. It wouldn't even compile without our internal Nexus instance. – Michael-O Apr 07 '15 at 18:55
  • @Michael-O I did not say share the code with us if it contains unshareable pieces. Share at least the idea with us because it can help a lot even without real code. But offering a private solution does not match the principles for which this whole site exists. – Gabor Garami Apr 08 '15 at 08:43
  • @GaborGarami, my Spring code is based on my [Tomcat SPNEGO authenticator](http://tomcatspnegoad.sf.net/). – Michael-O Apr 08 '15 at 09:26
  • @Michael-O thanks for the clarification. This information would be much more helpful to other visitors than "could you mail me to send a secret answer?"-type replies. – Gabor Garami Apr 09 '15 at 09:21
  • @GaborGarami, sorry for the noise. My credo is to release as OS all software from work which is generic enough. – Michael-O Apr 09 '15 at 10:06
  • This https://stackoverflow.com/questions/33257969/windows-ad-single-sign-on-using-javascript-and-node has a solution that doesn't even require any special configuration except writing the nodejs script and including the lib. It simply works. – Emmanuel Mahuni Feb 02 '20 at 04:28

1 Answer

19

I have implemented the same thing for my client. We are using spring-saml in our Spring-based web application (acts as Service Provider) and ADFS as Identity Provider (IDP).

You can take help from this link for the configuration part. I will help you out if you face any problem related to implementation or setup issues.

Basically your web app will act as SP and ADFS will be treated as IDP. You need to exchange both metadata files, which is nothing but a certificate for communication.

ManojP
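The Kerberos/SPNEGO route the question names (as opposed to the SAML/ADFS route in the answer), as an added example that is not part of this page or of the spring-security-kerberos project: a Spring Security Java configuration (Spring Security 3.2+ with the spring-security-kerberos extension) that validates the browser's Negotiate token against a keytab and never presents a login form. The service principal, keytab path, class name and the fixed ROLE_USER mapping are assumed values; it also assumes the browser is configured to send Negotiate tokens to this host.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.FileSystemResource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;
import org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter;
import org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
@Configuration
@EnableWebSecurity
public class SpnegoSecurityConfig extends WebSecurityConfigurerAdapter { // assumed class name
    @Override protected void configure(HttpSecurity http) throws Exception {
        // Unauthenticated requests get 401 + "WWW-Authenticate: Negotiate"; there is no login form at all.
        http.exceptionHandling().authenticationEntryPoint(new SpnegoEntryPoint())
            .and().authorizeRequests().anyRequest().authenticated()
            .and().addFilterBefore(spnegoFilter(authenticationManagerBean()), BasicAuthenticationFilter.class);
    }
    @Override protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(kerberosProvider());
    }
    @Bean public SpnegoAuthenticationProcessingFilter spnegoFilter(AuthenticationManager manager) {
        SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
        filter.setAuthenticationManager(manager); // extracts "Authorization: Negotiate <token>" and submits it for validation
        return filter;
    }
    @Bean public KerberosServiceAuthenticationProvider kerberosProvider() {
        // Assumed SPN and keytab. The SPN must match the host name the browser uses; keep the keytab readable by the Jetty user only.
        SunJaasKerberosTicketValidator validator = new SunJaasKerberosTicketValidator();
        validator.setServicePrincipal("HTTP/webapp.example.org@EXAMPLE.ORG");
        validator.setKeyTabLocation(new FileSystemResource("/etc/jetty/webapp.keytab"));
        KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
        provider.setTicketValidator(validator); // the ticket is decrypted with the keytab, so a forged token is rejected here
        provider.setUserDetailsService(new UserDetailsService() { // maps the validated AD principal to application roles
            public UserDetails loadUserByUsername(String principal) {
                return new User(principal, "", AuthorityUtils.createAuthorityList("ROLE_USER"));
            }
        });
        return provider;
    }
}
```

In a real deployment the UserDetailsService would look the principal up (for example via LDAP group membership) rather than granting ROLE_USER to every valid ticket.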