Search code examples
javasingle-sign-onwildfly

Java SSO with Wildfly 8, Java 1.8.0_45 and Active Directory

I was searching a lot about this topic but can't find a solution.

Short description of the requirements:

  • SSO on a WebApp under Wildfly 8.2
  • Authenticate the Windows User to the Active Directory
  • Fallback to Login Form, when SSO fails
  • Running in a Domain Configuration of Wildfly

Environment:

  • Microsoft AD Windows Server 2012 R2 (1. Machine)
  • Microsoft Server 2012 R2 with Wildfly 8.2 (2. Machine)
  • The 2.Machine yas joined the Domain

What I tried so far, is bound the AD and the Wildfly Server via ktpass, kinit, ... it works!

  1. Tried following: github.com/dstraub/spnego-wildfly Is NOT working in fact, that there is no fallback (form based) and a Problem with the Java Version 1.8.0_45 sourceforge.net/p/spnego/discussion/1003769/thread/700b6941/#cb84.

  2. Tried next: github.com/kwart/spnego-demo Also not working, it seems the Wildfly 8.2 has a different behavior.

  3. WAFFLE Library: Cannot bring that to work under Wildfly, good support for Tomcat but not more.

Has someone made experience with this configuration an has a solution for that?

Solution

  • Here is the explanation:

    1. I've created a webapp with following libraries included:

      • guava-18.0.jar
      • jna-4.1.0.jar
      • jna-platform-4.1.0.jar
      • slf4j-api-1.7.12.jar
      • waffle-jna-1.7.4.jar

    2. I've declared the Webfilter in the web.xml:

    <filter>
    <filter-name>SecurityFilter</filter-name>
    <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>SecurityFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
    1. After that you can read the user from the HttpServletRequest
    public String getUserName() {
    Enumeration<String> headerNames = servletRequest.getHeaderNames();
    while (headerNames.hasMoreElements()) {
        String headerName = headerNames.nextElement();
        String headerValue = servletRequest.getHeader(headerName);
        System.out.println("Header Name:" + headerName + " " + headerValue);
    }       
    return servletRequest.getUserPrincipal().getName();
}
    1. Configuring your Browser for Single-SignOn:

    https://github.com/dblock/waffle/blob/master/Docs/ConfiguringBrowsers.md