We apologize for untranslated text, you can use the Google Translation button to get an automatic translation of the web page in the language of your choice.

SSO Windows NTLM Plugin


This plugin adds support for NTLM based authentication in order to provide Single Sign-On (SSO) for Windows clients.


Add this with the JCMS Plugin Manager and restart JCMS..


  1. The user opens a Windows session on its PC.
    Its authentication occurs using a Windows Domain and an Active Directory server. This domain and the Active Directory must be accessible to the server hosting JCMS.
  2. User connects to JCMS using its browser which automatically communicate the users' credential.
    With Internet Explorer this authentication is automatically sent to local intranet servers. This behavior can be modified by changing the security levels.
    With Firefox, the JCMS server hostname must be added to the configuration by modifying the property network.automatic-ntlm-auth.trusted-uris using about:config in the navigator address bar. It can also be modified in the pref.js file inside the user profile directory.
  3. The NTLM Authentication Handler receive the credential through the JCIFS NTLM filter and set the authenticaticated member (synchronizing it from LDAP/Active Directory if required).

Configure LDAP / Active Directory

Make sure LDAP is enabled and configured to connect to your Active Directory server.
Try to connect to JCMS with one of your ActiveDirectory user account to make sure the connection and the synchronisation works properly.

Configure NTLM

Configure NtlmHttpFilter in your web.xml by following instruction available on the JCIFS website : http://jcifs.samba.org/src/docs/ntlmhttpauth.html

Make sure the <filter-mapping> section of the NtlmHttpFilter is added BEFORE the <filter-mapping> section of the InitFilter. The NTLM authentication is retrieved by JCMS in the InitFilter, thus the NtlmHttpFilter must have been invoked prior to the InitFilter.

Be aware that once this filter is configured, a Windows authentication will be asked and required, no other authentication will be possible.

Tomcat 5.0 incompatible: If you are using Tomcat, make sure you use Tomcat 5.5 or better. More information about this in the french forum discussion Catégories contextuelles : Tomcat 5.0 et module NTLM


NTLM Plugin - Version 1.0.1


  • [NTLM-1] - Ldap synchronisation does not occur if member already exists


  • [NTLM-2] - Update to JCIFS library to latest version

NTLM Plugin - Version 1.0

Initial release


  • 1.0.1
  • Stable
  • JCMS 5.7
Certified by Jalios
  • Yes
  • Free Plugin
  • Jalios Support
  • Jalios SA
  • Jalios
  • 357.93 KB
  • 4/1/08
  • 5