Java SSO: Kerberos authentication against Active Directory

Question

I\'m still trying to find a Java based solution for SSO (running on *nix), which I can use on JBoss to authorize against an Active Directory/domain controller. I initially t

Answer 1

To do this, you actually need to use LDAP. Luckily for you, Java has solid support for both Kerberos and LDAP. The detailed procedure is at http://java.sun.com/products/jndi/tutorial/ldap/security/gssapi.html .

Overview of steps:

• Authenticate to Kerberos
• Use Kerberos to assume user identity
• Perform GSSAPI bind to Active Directory LDAP server
• Retrieve group list over LDAP