On 2011-11-21, at 3:43 AM, Henrique Gomes wrote: > > On Nov 21, 2011, at 8:34 AM, Karl wrote: > >> Hi, >> >> We have a client who wants to use NTLM authentication for our WOApp to >> provide single sign on for their Windows users. Has anyone actually done >> this before? >> >> We are hosting the app on Mac OS X 10.7 using Java 6 and Apache 2.x. >> >> Any information would be appreciated. >> >> Karl > > > The way I would do it (and will really soon for a project) is to have apache > handle the authentication of the user if the URL is something like /wa/login. > You could use the ntlm module for apache. > > Actually, since I never done in WO, that leads me to question how I would > retrieve the REMOTE_USER from the apache request?
It is just a request header, so like this (ExternalAuthenticationUserHeaderKey
is "remote_user":
if
(SMApplication.appProperties().booleanPropertyForKey(SMApplication.UsesExternalAuthenticationKey))
{
String userIDFromExternalAuthentication =
context().request().headerForKey(
SMApplication.appProperties().propertyForKey(SMApplication.ExternalAuthenticationUserHeaderKey));
if (! StringAdditions.isEmpty(userIDFromExternalAuthentication))
{
userIDFromExternalAuthentication =
User.canonicalUserID(userIDFromExternalAuthentication);
Chuck
>
> (Since windows domains are really kerberos, you could also use kerberos
> authentication, you would need a HTTP/hostname principal created on the
> windows kerberos server. There are mails about in on the archives)
>
> HG
--
Chuck Hill Senior Consultant / VP Development
Practical WebObjects - for developers who want to increase their overall
knowledge of WebObjects or who are trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to [email protected]
