Hi, I have Spring MVC REST services and I want to establish a security system with Active Directory. My scenario: the user logs in to their PC and makes a call via Explorer, Postman, or something like that.

My REST service understands the current credentials and checks authorization.

My REST service works on Windows or Linux.

How can I build this integration?

I read some articles; some people advise Kerberos integration, but that needs a keytab to run. Is it possible to run without a keytab, or is there some other integration formula?

Bilgehan

1 Answer

If you are interested in SSO login via Kerberos, then you need a keytab. If you do not need SSO (form login is an option), then you could use Kerberos without a keytab (the user has to provide credentials, which will be validated by AD, not your app). You can follow this doc to set up Kerberos login: https://docs.spring.io/spring-security-kerberos/docs/current/reference/htmlsingle/index.html#ssk-authprovider. The most important configuration here is:

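@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
        .authenticationProvider(kerberosAuthenticationProvider());
}

// Validates the submitted username/password against the KDC (AD); no keytab is involved.
@Bean
public KerberosAuthenticationProvider kerberosAuthenticationProvider() {
    KerberosAuthenticationProvider provider =
            new KerberosAuthenticationProvider();
    SunJaasKerberosClient client = new SunJaasKerberosClient();
    client.setDebug(true); // verbose JAAS/Kerberos logging; switch off outside troubleshooting
    provider.setKerberosClient(client);
    // dummyUserDetailsService() is not shown in this snippet; it must return a UserDetailsService bean.
    provider.setUserDetailsService(dummyUserDetailsService());
    return provider;
}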

As an alternative (if you need SSO, but Kerberos is not required), you could use Active Directory Federation Services with Spring SAML. Implementation of SAML with ADFS is out of the scope of this simple answer, so I'll just leave a Spring reference doc. You should verify for yourself whether this is a viable option for you.

akoz
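The SSO case the answer mentions (the one that needs a keytab), sketched as an added example that is not the answerer's code. It assumes Spring Security 5.x with spring-security-kerberos; the class name, the service principal, the keytab path and the injected UserDetailsService are placeholders or assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.FileSystemResource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;
import org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter;
import org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SpnegoSsoConfig extends WebSecurityConfigurerAdapter {
    private final UserDetailsService users; // assumed app-provided bean: maps principal -> roles
    public SpnegoSsoConfig(UserDetailsService users) { this.users = users; }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SpnegoAuthenticationProcessingFilter spnego = new SpnegoAuthenticationProcessingFilter();
        spnego.setAuthenticationManager(authenticationManagerBean());
        http.exceptionHandling().authenticationEntryPoint(new SpnegoEntryPoint()) // 401 + Negotiate challenge
            .and().authorizeRequests().anyRequest().authenticated()
            .and().addFilterBefore(spnego, BasicAuthenticationFilter.class);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(kerberosServiceAuthenticationProvider());
    }

    @Bean
    public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() {
        KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
        provider.setTicketValidator(ticketValidator()); // decrypts the client's service ticket
        provider.setUserDetailsService(users);
        return provider;
    }

    @Bean
    public SunJaasKerberosTicketValidator ticketValidator() {
        SunJaasKerberosTicketValidator v = new SunJaasKerberosTicketValidator();
        v.setServicePrincipal("HTTP/rest.example.com@EXAMPLE.COM");            // placeholder SPN
        v.setKeyTabLocation(new FileSystemResource("/etc/myapp/rest.keytab")); // placeholder path
        return v;
    }
}
```

The keytab holds the service account's long-term key, which is what lets the service validate tickets without seeing the user's password; keep the file readable only by the account the service runs as.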