> On Dec 12, 2019, at 8:23 AM, Daniel Fuchs <daniel.fu...@oracle.com> wrote:
>
> Hi,
>
> By default transparent authentication is disabled on windows.
> You may have to specify a non-default value for the
> jdk.http.ntlm.transparentAuth property [1], or configure
> an Authenticator [2] that has the appropriate credentials.
The above is for NTLM.
For the Negotiate scheme, it's almost out-of-box.
1. Java is able to find realm and KDC via environment variables
2. Java can use the LSA cache if a realm user is logged in
but you'll need a special registry key [1] set for #2 above.
Or you can bridge to a native GSS library, you need to set the system property
sun.security.jgss.native to true. JDK 13 contains its own native GSS library
but if you're still on JDK 11, you also need to point the system property
sun.security.jgss.lib to a 3rd-party GSS library (Ex: from MIT).
--Max
[1]
https://support.microsoft.com/en-us/help/2627903/access-to-session-keys-not-possible-using-a-restricted-token
>
> [1] https://bugs.openjdk.java.net/browse/JDK-8225506
> [2]
> https://docs.oracle.com/en/java/javase/13/docs/api/java.base/java/net/HttpURLConnection.html#setAuthenticator(java.net.Authenticator)
>
> best regards,
>
> -- daniel
>
> On 10/12/19 21:11, Marcin Wiśnicki wrote:
>> Forgive me for asking possibly silly question but I looked everywhere and
>> couldn't find a simple answer to this question:
>> If I use standard java.net <http://java.net> classes to establish connection
>> to HTTP server that uses SPNEGO authentication (AD) from a Windows machine
>> that's joined to AD, without further configuration, is this supposed to work?
>
