We apologize for untranslated text, you can use the Google Translation button to get an automatic translation of the web page in the language of your choice.

SSO Windows NTLM Plugin 2.1.2

Description

This plugin adds support for NTLM based authentication in order to provide Single Sign-On (SSO) for Windows clients.


Installation

Attention :

This plugins uses the NTLM v1 which is no longer supported by Microsoft.

We strongly advise the use of the Windows Authentication - Waffle Plugin which provide Single Sign On (SSO) for Windows clients using SPNEGO (NTLMv2 & Kerberos) protocols..

 

Installation

Add this with the JCMS Plugin Manager and restart JCMS..

Principle

  1. The user opens a Windows session on its PC.
    Its authentication occurs using a Windows Domain and an Active Directory server. This domain and the Active Directory must be accessible to the server hosting JCMS.
  2. User connects to JCMS using its browser which automatically communicate the users' credential.
    With Internet Explorer this authentication is automatically sent to local intranet servers. This behavior can be modified by changing the security levels.
    With Firefox, the JCMS server hostname must be added to the configuration by modifying the property network.automatic-ntlm-auth.trusted-uris using about:config in the navigator address bar. It can also be modified in the pref.js file inside the user profile directory.
  3. The NTLM Authentication Handler receive the credential through the JCIFS NTLM filter and set the authenticaticated member (synchronizing it from LDAP/Active Directory if required).

Configure LDAP / Active Directory

Make sure LDAP is enabled and configured to connect to your Active Directory server.
Try to connect to JCMS with one of your ActiveDirectory user account to make sure the connection and the synchronisation works properly.

Configure NTLM

Configure NtlmHttpFilter in your web.xml by following instruction available on the JCIFS website : http://jcifs.samba.org/src/docs/ntlmhttpauth.html

Make sure the <filter> and <filter-mapping> sections of the NtlmHttpFilter are added BEFORE the corresponding <filter> and <filter-mapping> section of the InitFilter. The NTLM authentication is retrieved by JCMS in the InitFilter, thus the NtlmHttpFilter must have been invoked prior to the InitFilter.

       <filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>192.168.0.42</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.domain</param-name>
<param-value>MYDOMAIN</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.username</param-name>
<param-value>anyUserOfMydomain</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.password</param-name>
<param-value>passwordOfUser</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.lmCompatibility</param-name>
<param-value>0</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.useExtendedSecurity</param-name>
<param-value>false</param-value>
</init-param>
</filter>

<filter>
<filter-name>initFilter</filter-name>
<filter-class>jcom.jalios.jcms.servlet.InitFilter</filter-class>
[...]
</filter>

[...]

<filter-mapping>
<filter-name>NtlmHttpFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<filter-mapping>
<filter-name>initFilter</filter-name>
<filter-class>jcom.jalios.jcms.servlet.InitFilter</filter-class>
[...]
</filter-mapping>

Be aware that once this filter is configured, a Windows authentication will be asked and required, no other authentication will be possible.


Changes

NTLM Plugin - Version 2.1.2

Compatibility with JCMS 7

NTLM Plugin - Version 2.1.1

Improvement

  • Allow JCIFS logging through log4j (a declaration of InitNtlmHttpFilterLog is required in web.xml)
  • Update JCIFS library to version 1.3.12 (jcifs.smb.lmCompatibility=0 and jcifs.smb.client.useExtendedSecurity=false required in web.xml)

NTLM Plugin - Version 2.1

New feature

  • [NTLM-4] - Allow both NTLM and JCMS authentication using rule based mecanism

NTLM Plugin - Version 2.0

Improvement

  • Add compatibility with JCMS 6
  • Update JCIFS library

NTLM Plugin - Version 1.0.1

Bug

  • [NTLM-1] - Ldap synchronisation does not occur if member already exists

Improvement

  • [NTLM-2] - Update to JCIFS library to latest version

NTLM Plugin - Version 1.0

Initial release

Information

Version
  • 2.1.2
Stability
  • Stable
Compatibility
  • JCMS 6.0
    JCMS 6.1
    JCMS 7
    JCMS 8
Certified by Jalios
  • Yes
Price
  • Module gratuit
Support
  • Jalios Support
Author
  • Jalios SA
License
  • Jalios
Size
  • 466.92 KB
Updated
  • 2/7/11
Download
  • 24