SSO Windows NTLM Plugin
This plugin adds support for NTLM based authentication in order to provide Single Sign-On (SSO) for Windows clients.
Add this with the JCMS Plugin Manager and restart JCMS..
- The user opens a Windows session on its PC.
Its authentication occurs using a Windows Domain and an Active Directory server. This domain and the Active Directory must be accessible to the server hosting JCMS.
- User connects to JCMS using its browser which automatically communicate the users' credential.
With Internet Explorer this authentication is automatically sent to local intranet servers. This behavior can be modified by changing the security levels.
With Firefox, the JCMS server hostname must be added to the configuration by modifying the property
about:configin the navigator address bar. It can also be modified in the
pref.jsfile inside the user profile directory.
- The NTLM Authentication Handler receive the credential through the JCIFS NTLM filter and set the authenticaticated member (synchronizing it from LDAP/Active Directory if required).
Configure LDAP / Active Directory
Make sure LDAP is enabled and configured to connect to your Active Directory server.
Try to connect to JCMS with one of your ActiveDirectory user account to make sure the connection and the synchronisation works properly.
Configure NtlmHttpFilter in your web.xml by following instruction available on the JCIFS website : http://jcifs.samba.org/src/docs/ntlmhttpauth.html
Make sure the <filter-mapping> section of the NtlmHttpFilter is added BEFORE the <filter-mapping> section of the InitFilter. The NTLM authentication is retrieved by JCMS in the InitFilter, thus the NtlmHttpFilter must have been invoked prior to the InitFilter.
Be aware that once this filter is configured, a Windows authentication will be asked and required, no other authentication will be possible.
Tomcat 5.0 incompatible: If you are using Tomcat, make sure you use Tomcat 5.5 or better. More information about this in the french forum discussion Catégories contextuelles : Tomcat 5.0 et module NTLM
NTLM Plugin - Version 1.0.1
- [NTLM-1] - Ldap synchronisation does not occur if member already exists
- [NTLM-2] - Update to JCIFS library to latest version
NTLM Plugin - Version 1.0