
Integrating Crowd with Spring Security and NTLM

Deleted user October 13, 2011

We are planning to use Crowd for a custom application by integrating with Spring Security. Besides, we want to provide SSO by NTLM for our customer.

My questions:

  1. Where must the Integrated Windows Authentication be checked? Is it done by Crowd, or does the remote user have to be checked by our application itself?
  2. Which NTLM versions are supported by Crowd?

Thanks in advance,

Ralf Borchers

Communardo Software GmbH

3 answers

1 accepted


1 vote
Answer accepted
Jim Bethancourt
Rising Star
October 31, 2011

I've been working on an NTLM-based SSO module for a while now that's based on the Windows Integrated Authentication for Crowd-enabled Applications code. Unfortunately that code is a bit dated, but migrating it to use the Crowd REST library is fairly straightforward. I've used a substantial portion of the NTLM code from the Servlet Filter classes of the Spring Security NTLM extension library in my own code to make it easier to follow.

Answer to Question 1:

Crowd itself doesn't support NTLM - you'll need to write a servlet filter or use the Servlet filter code that is in the WIA code.

What I've learned so far: the NTLM authentication handshake process will happen between the browser and the domain controller. Once this happens, you'll call the

RestCrowdHttpAuthenticationFactory.getAuthenticator().authenticateWithoutValidatingPassword(request, response, userName);

method because the user will have been authenticated at that point.

Answer to Question 2:

Since you have to do the NTLM authentication in your code, you can support whichever versions you'd like. :-)

I have a slightly more difficult task of preventing the HTTP Authentication box from popping up and redirecting users to a login page, though it looks like using the AuthenticationFailureHandler class may work to make this happen (not sure if this is a requirement for you, but I thought I'd mention it just in case it is).
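Added example, not code from this thread, from the WIA module or from Crowd: a filter that does its own NTLM handling can enforce a version policy by inspecting the client's Type 3 (authenticate) message before validating it. The class and method names below are hypothetical, the sample message is constructed, and the field offsets follow the AUTHENTICATE_MESSAGE layout in MS-NLMP.

```java
import java.nio.*;
import java.nio.charset.*;
import java.util.Base64;

public class NtlmVersionGate {
    static final long SIG = 0x005053534D4C544EL; // "NTLMSSP" plus a NUL byte, read as a little-endian long

    /** Copies the field whose descriptor (len:2, maxLen:2, offset:4) sits at pos. */
    static byte[] field(ByteBuffer m, int pos) {
        int len = m.getShort(pos) & 0xFFFF;
        long off = m.getInt(pos + 4) & 0xFFFFFFFFL;
        if (len > 0 && off + len > m.limit()) throw new IllegalArgumentException("field outside message");
        byte[] out = new byte[len];
        for (int i = 0; i < len; i++) out[i] = m.get((int) off + i);
        return out;
    }
    /** Returns the domain and user name claimed by a Type 3 message, refusing NTLMv1-sized NT responses. */
    static String requireNtlmV2(String header) {
        if (header == null || !header.startsWith("NTLM ")) throw new IllegalArgumentException("not NTLM");
        ByteBuffer m = ByteBuffer.wrap(Base64.getDecoder().decode(header.substring(5).trim()))
                .order(ByteOrder.LITTLE_ENDIAN);
        if (m.limit() < 64 || m.getLong(0) != SIG || m.getInt(8) != 3)
            throw new IllegalArgumentException("not an NTLMSSP Type 3 message");
        // NTLMv1 and NTLM2-session NT responses are exactly 24 bytes; NTLMv2 ones are longer.
        if (field(m, 20).length <= 24) throw new SecurityException("NT response is not NTLMv2");
        // Flag bit 0 = NEGOTIATE_UNICODE; ISO-8859-1 stands in for the OEM code page (assumption).
        Charset cs = (m.getInt(60) & 1) != 0 ? StandardCharsets.UTF_16LE : StandardCharsets.ISO_8859_1;
        return new String(field(m, 28), cs) + "\\" + new String(field(m, 36), cs);
    }
    /** Writes data at off and its descriptor at pos; returns the next free offset. */
    static int put(ByteBuffer b, int pos, int off, byte[] data) {
        b.putShort(pos, (short) data.length).putShort(pos + 2, (short) data.length).putInt(pos + 4, off);
        for (int i = 0; i < data.length; i++) b.put(off + i, data[i]);
        return off + data.length;
    }
    /** Constructed Type 3 message: the NT response is ntLen zero bytes, not a real proof. */
    static String sample(int ntLen) {
        byte[] dom = "EXAMPLE".getBytes(StandardCharsets.UTF_16LE);
        byte[] usr = "alice".getBytes(StandardCharsets.UTF_16LE);
        ByteBuffer b = ByteBuffer.allocate(64 + ntLen + dom.length + usr.length).order(ByteOrder.LITTLE_ENDIAN);
        b.putLong(0, SIG).putInt(8, 3).putInt(60, 1);
        put(b, 36, put(b, 28, put(b, 20, 64, new byte[ntLen]), dom), usr);
        return "NTLM " + Base64.getEncoder().encodeToString(b.array());
    }
    public static void main(String[] args) {
        System.out.println(requireNtlmV2(sample(40)));
        try { requireNtlmV2(sample(24)); } catch (SecurityException e) { System.out.println("refused: " + e.getMessage()); }
    }
}
```

The name returned here is only what the client claims. The NT response still has to be validated before that name is passed to authenticateWithoutValidatingPassword, because Crowd will not check a password at that point.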

0 votes
Bruno Vincent
Rising Star
September 10, 2015

The IWAAC plugin (Integrated Windows Authentication for Apps using Crowd) does exactly what you are looking for. It is based on Kerberos: https://marketplace.atlassian.com/plugins/com.cleito.iwaac/server/overview

You can download IWAAC and test it for free at: https://www.cleito.com/products/iwaac/

0 votes
Ed Letifov _TechTime - New Zealand_
Rising Star
December 15, 2011

As an example of how you do NTLM/NTLMv2 authentication in a platform-independent manner in a Java application (not necessarily Spring-enabled), I can refer to the TechTime NTLMv2/NTLMv1 authenticator for Seraph-enabled applications, like Jira and Confluence.

http://techtime.co.nz/x/AwCxAg

The NTLM Authenticator works in conjunction with IOPlex Jespa library (http://www.ioplex.com).
Jespa provides the core class you can call on from a servlet filter of your application.

Our authenticator works both in a Crowd environment and without Crowd.
