Hi all,

I’m looking for ideas on how to authenticate against Active Directory from a rich-gui client.

I have a solution already using LDAP using SSL, but I have to prompt the user for the credentials.

My client would like me to avoid prompting for the credentials and instead query the OS for security credentials (similar to how Outlook does not prompt for credentials on a domain computer). They mentioned Kerberos, but I know little about it from an API perspective.

Has anyone dealt with this kind of problem before?

Axel Guerrero

_______________________________________________
vwnc mailing list
[hidden email]
http://lists.cs.uiuc.edu/mailman/listinfo/vwnc

Hi Axel,

I recently made the Aida-LDAP addon to authenticate users on Aida websites against the LDAP directory, using the LDAP package from the VW public repository. Currently the LDAP connection is done in plain text and I'm looking at how hard it would be to upgrade the LDAP package to support SSL. It seems not too hard, because all TCP communication is in class LDAPConnThread, which is understandable enough.

It seems the ideal authentication in the MS world is with Kerberos, but this protocol is pretty complex to implement. For single sign-on functionality of web applications I'd rather implement NTLM authentication, which works from IE and, with the right addon, also from Firefox.

Another way can be to use SSL client certificates for authentication over SSL; this can probably be done simply enough in GUI apps as well.

Hope this helps a bit

Janko

On 26. 01. 2010 22:04, Guerrero, Axel wrote:
> I’m looking for ideas on how to authenticate against Active Directory
> from a rich-gui client.
>
> I have a solution already using LDAP using SSL, but I have to prompt the
> user for the credentials.
>
> My client would like me to avoid prompting for the credentials and
> instead query the OS for security credentials (similar to how Outlook
> does not prompt for credentials on a domain computer). They mentioned
> Kerberos, but I know little about it from an API perspective.
>
> Has anyone dealt with this kind of problem before?
>
> Axel Guerrero
>
> [hidden email]

--
Janko Mivšek
AIDA/Web
Smalltalk Web Application Server
http://www.aidaweb.si

Hello Axel,

you should have a look at SSPI (Microsoft) or GSS-API (IETF standard). They provide a unified interface for various security packages. For instance, SSPI allows you to use NTLM, Negotiate and Kerberos.

In the public Store repository, I've published a package called SSPI a while ago. It focuses on HTTP client authentication and does not support the GSS-API, but might be useful for other kinds of client/server authentication. See the examples on the class side of SecurityContext.

On 26.01.2010 22:04, Guerrero, Axel wrote:
> Hi all,
>
> I’m looking for ideas on how to authenticate against Active Directory
> from a rich-gui client.
>
> I have a solution already using LDAP using SSL, but I have to prompt the
> user for the credentials.
>
> My client would like me to avoid prompting for the credentials and
> instead query the OS for security credentials (similar to how Outlook
> does not prompt for credentials on a domain computer). They mentioned
> Kerberos, but I know little about it from an API perspective.
>
> Has anyone dealt with this kind of problem before?
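
Since the Negotiate package can end up carrying either Kerberos or NTLM, it is worth checking which mechanism a client actually offers once single sign-on is wired up. The following is an added example, not part of any post in this thread and not code from the SSPI package mentioned above: it parses the base64 token of an `Authorization: Negotiate` header and lists the offered mechanisms in order of preference. The function names and the sample token are constructed for illustration.

```python
import base64

# DER-encoded OID bodies for the mechanisms a Negotiate token can carry.
MECHS = {
    bytes.fromhex("2b0601050502"): "SPNEGO",
    bytes.fromhex("2a864886f712010202"): "Kerberos",
    bytes.fromhex("2a864882f712010202"): "Kerberos (legacy Microsoft OID)",
    bytes.fromhex("2b06010401823702020a"): "NTLM",
}

def tlv(buf, pos, want):
    """Read the DER element at pos, check its tag, return (value_start, value_end)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected DER tag {want:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return pos, pos + length

def offered_mechanisms(header_value):
    """Mechanisms in an 'Authorization: Negotiate <base64>' value, preferred first."""
    token = base64.b64decode(header_value.split(None, 1)[1], validate=True)
    if token.startswith(b"NTLMSSP\x00"):  # raw NTLM message, no GSS-API framing
        return ["NTLM"]
    start, _ = tlv(token, 0, 0x60)          # GSS-API InitialContextToken
    start, end = tlv(token, start, 0x06)    # thisMech OID
    outer = MECHS.get(token[start:end], "unknown")
    if outer != "SPNEGO":
        return [outer]                      # e.g. a bare Kerberos token
    pos = end  # NegTokenInit: [0] SEQUENCE { [0] SEQUENCE OF OID, ... }
    for want in (0xA0, 0x30, 0xA0, 0x30):
        pos, end = tlv(token, pos, want)
    mechs = []
    while pos < end:
        start, pos = tlv(token, pos, 0x06)
        mechs.append(MECHS.get(token[start:pos], "unknown"))
    return mechs

def prefers_ntlm(header_value):
    """True when NTLM, not Kerberos, is the first mechanism the client offers."""
    return offered_mechanisms(header_value)[:1] == ["NTLM"]

# Constructed sample: SPNEGO NegTokenInit listing Kerberos, then NTLM (no mechToken).
SAMPLE = "Negotiate " + base64.b64encode(bytes.fromhex(
    "602706062b0601050502a01d301ba019301706092a864886f712010202060a2b06010401823702020a"
)).decode()
```

A header for which `prefers_ntlm` returns True means the client did not put Kerberos first, which on a domain-joined machine usually points at a missing or mismatched service principal name rather than at the client code.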