19
votes

I have a Spring based Web App which I would like to implement a Single Sign On solution on.

The basic flow would be:

1) User logs in into Windows Workstation/Desktop PC (authenticating against organisation's Active Directory)

2) User opens browser and navigates to Spring Web App.

3) Spring Web App somehow confirms that the user is already authenticated against AD and seamlessly lets them in, i.e. no challenge for username and password. In fact, the Spring web app would NEVER show a login form.

Obviously it's step 3 I am having trouble with.

I have looked at Spring Security, Kerberos and SPNEGO, but I think I've just confused myself.

If it makes a difference I am using Java 6, running on Jetty with Spring 3. The Jetty instance will be running on a *Nix machine.

I have written a custom component for that. It covers 100% of your case. Do you want to try that? - Michael-O
Yes, I would be interested to see that please. - Lawrence Tierney
Contact me through my SF.net mail address: sourceforge.net/u/michael-o/profile - Michael-O
What kind of comment is that? Do you want to share an answer or not? This is an open Q&A site, "contact me privately for an answer" has no room here. - kaqqao
@GaborGarami, my Spring code is based on my Tomcat SPNEGO authenticator. - Michael-O

1 Answer

19
votes

I have implemented the same thing for my client. We are using spring-saml in our Spring-based web application (acts as Service Provider) and ADFS as Identity Provider (IDP).

You can take help from this link for the configuration part. I will help you out if you face any problem related to implementation or setup issues.

Basically your web app will act as SP and ADFS will be treated as IDP. You need to exchange both metadata files, which are nothing but certificates for communication.
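The metadata exchange mentioned above, as an added example that is not the answerer's code and not part of spring-saml: a small Python check of what the SP side should pin from the IdP metadata (entityID, signing-certificate fingerprint, SSO endpoint, expiry) before trusting it. The ADFS host, entityID and certificate bytes are constructed placeholders, not values from a real deployment.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed IdP metadata in the shape ADFS publishes; host and certificate
# bytes are placeholders (hypothetical, not a real ADFS instance or X.509 cert).
FAKE_CERT_DER = b"constructed placeholder, not a real certificate"
IDP_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" xmlns:ds="{NS['ds']}"
  entityID="http://adfs.example.test/adfs/services/trust" validUntil="2099-01-01T00:00:00Z">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
   {base64.b64encode(FAKE_CERT_DER).decode()}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="{REDIRECT}" Location="https://adfs.example.test/adfs/ls/"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def parse_idp_metadata(xml_text):
    """Pull out what the SP must pin: entityID, expiry, signing-cert fingerprints, SSO URLs."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    fps = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":          # no 'use' attr = signing and encryption
            for c in kd.findall(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join(c.text.split()))  # base64 may wrap across lines
                fps.append(hashlib.sha256(der).hexdigest())
    vu = root.get("validUntil")
    return {
        "entity_id": root.get("entityID"),
        "valid_until": datetime.fromisoformat(vu.replace("Z", "+00:00")) if vu else None,
        "signing_fingerprints": fps,
        "sso": {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)},
    }

def check_idp_metadata(info, expected_entity_id, now):
    """Reasons the SP should refuse to trust this metadata (empty list means it is acceptable)."""
    problems = []
    if info["entity_id"] != expected_entity_id:
        problems.append("entityID differs from the configured IdP")
    if info["valid_until"] is not None and info["valid_until"] < now:
        problems.append("metadata validUntil has passed")
    if not info["signing_fingerprints"]:
        problems.append("no signing certificate, assertions could not be verified")
    if any(not loc.startswith("https://") for loc in info["sso"].values()):
        problems.append("an SSO endpoint is not https")
    return problems
```

Compare the reported fingerprint against the one obtained from the ADFS administrator out of band; a metadata file that does not pin to a known signing certificate is not a trust relationship, just a download.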