Hello,
trying to implement some kerberos authentification, and all works fine if
authenticating local user, but when i try to authenticate
remote user with servlet, through Internet Explorer i keep getting the
NTLM
token not the SPNEGO.
I have done following things:
1. put the requesting site in IE to local-network
2. in the IE extended security option enable Integrated Windows
Authentication
then you should see a client response something like YIll....... which is
true.
(nope i get
TlRMTVNTUAABAAAAB7IIogoACgAuAAAABgAGACgAAAAFASgKAAAAD0ZJTElQTUNSRURPQkFOS0E=
which is NTLM)
To configure Intranet Authentication:
1. Click the Security tab, click Local intranet, and then click Custom
Level.
2. In the Security Settings dialog box, scroll down to the User
Authentication section of the list.
3. Select Automatic logon only in Intranet zone. This setting prevents
users
from having to re-enter logon credentials; a key piece to this solution.
4. Click OK to close the Security Settings dialog box.
In addition to the previous settings, one additional setting is required
if
you are running Internet Explorer 6.0.
1. In Internet Explorer, click Tools, and then click Internet Options.
2. Click the Advanced tab.
3. Scroll down to the Security section.
4. Make sure that Enable Integrated Windows Authentication (requires
restart) is checked, and then click OK.
5. If this box was not checked, restart the browser.
I do have JCIFS NTLM setup for entering the site, but afterwards i need to
do authorisation with Kerberos to authenticate with EIM to work with
jt400
on as400.
So when i do
httpServletResponse.setHeader("WWW-Authenticate", "Negotiate");
i allways get the NTLM token.
Searched the web couldn't find anything apart from the above given steps.
|
