SSO via Java in a MS world AD (ActiveDirecory and IE)
Hi every one,
I come to redefine my previous post, maybe I wasn't clear enough,
that's why i seem to get no help...
do some of you know how i can decode and handle myself SSO with AD ?
To be more precise , I've already setup an clean config :
An AD server (W2K3) on comupter "Main",
an host for my application on comupter "SRV",
a client trying to connect to my service on that previously mentionned host,
Every computer is logged on the AD network,
I've created every config elements already (via use of SPN; ktab etc.. )
So I got my keytab...
I've made a simple test by trying IE with some fake IIS on "SRV", it's OK
Now what i'm trying to do is to achieve this by myself
I got a simple plain java app, serving a dumb http service
When IE try to connect it, I http 401 Autorization: Negotiate, so IE goes and get TGS from the AD station and sends it back to me as part of the Http header :
Authorization: Negotiate YIIFCQYGKwYBBQUCoIIE/TCCBPmgMDAuBgkqh..........
So my question is this, my dear experts :
could you help me figure out what to do next ?
How can I extract this krb5 token hidden there beneath the encoding;
then when this is done what to do with this so i can know which user is logged on that client session so I can print a fabulous
"Hello Mister Duke ! You are still one of the best ;-) "
Then I will be abe to say , Ok guys now I know and understand what SSO bridge between Java and MS AD can be
Any help ?
