We are trying to do a Single Sign On from another application and were wondering if Rx has the capability for using NTLM?
Thanks,
Veeren
If Rx does have NTLM authentication, how would I go about enabling it? And would it be able to work in addition to whatever current authentication we have set up?
Thanks,
Veeren
No, Rhythmyx has no native NTLM support. It only interacts with Active Directory via LDAP.
I see.
We are trying to do Single Sign-on from another web application. Do you have any suggestions?
We tried doing a JBoss SSO but it won’t work in our prod environment because the applications are on different JBoss servers.
Thanks,
Veeren
If you are going to authenticate against AD, this Java code might be helpful in getting things set up:
package test;

import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;

public class searchdigest
{
    public static void check(String filter)
    {
        System.out.println("===========");
        System.out.println("Ldap Filter:" + filter);
        Hashtable<String, String> env = new Hashtable<String, String>();
        //Must use either the userPrincipalName or samAccountName,
        //Cannot use the distinguished name
        String adminName = "Administrator@antipodes.com";
        String adminPassword = "***";
        String ldapURL = "ldap://youradserver.school.edu:389";
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        //set security credentials, note using DIGEST-MD5
        //Requires user account to be stored with reversible encryption
        env.put(Context.SECURITY_AUTHENTICATION, "DIGEST-MD5");
        env.put(Context.SECURITY_PRINCIPAL, adminName);
        env.put(Context.SECURITY_CREDENTIALS, adminPassword);
        //Could also use DIGEST-MD5 to protect the communications
        //Eg. auth-int;integrity, auth-conf;confidentiality
        //env.put("javax.security.sasl.qop","auth-conf");
        //And could also request the level of crypto
        //Eg. low, medium, high
        //env.put("javax.security.sasl.strength","high");
        //connect to my domain controller
        env.put(Context.PROVIDER_URL, ldapURL);
        try {
            // Create the initial directory context
            DirContext ctx = new InitialLdapContext(env, null);
            // Create the search controls
            SearchControls searchCtls = new SearchControls();
            //Specify the attributes to return ("mail" is printed below, so request it too)
            String returnedAtts[] = {"sn", "givenName", "mail"};
            searchCtls.setReturningAttributes(returnedAtts);
            //Specify the search scope
            searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
            //specify the LDAP search filter
            String searchFilter = filter;
            //Specify the Base for the search
            String searchBase = "OU=Accounts,DC=school,DC=edu";
            //initialize counter to total the results
            int totalResults = 0;
            // Search for objects using the filter
            NamingEnumeration<SearchResult> answer = ctx.search(searchBase, searchFilter, searchCtls);
            //Loop through the search results
            while (answer.hasMoreElements()) {
                SearchResult sr = answer.next();
                totalResults++;
                System.out.println(">>>" + sr.getName());
                // Print out some of the attributes, print an empty line if the attribute has no value
                Attributes attrs = sr.getAttributes();
                if (attrs != null) {
                    Attribute mail = attrs.get("mail");
                    if (mail != null) {
                        System.out.println(" mail: " + mail.get());
                    } else {
                        System.out.println();
                    }
                }
            }
            System.out.println("Total results: " + totalResults);
            ctx.close();
        }
        catch (NamingException e) {
            System.err.println("Problem searching directory: " + e);
        }
    }

    public static void main(String[] args)
    {
        String filter = "mail=a*";
        searchdigest.check(filter);
    }
}
==========
If you get the code above to work after changing the AD server and connection parameters, then you are talking to your AD server.
Next thing to do is to authenticate against it.
Here are some links on the subject matter:
http://geekswithblogs.net/mhamilton/archive/2005/10/04/55920.aspx
http://www.ldapman.org/authentication/index.html
To test your binding parameters this Novell library mentioned here is useful:
http://www.codeproject.com/KB/system/eDirectoryAuthentication.aspx
Once you have the above working, the next step is to get a trace on port 389 with something like Wireshark http://www.wireshark.org/ .
Then you can tell if your LDAP CMS parameters being sent match your test code developed using the Novell libraries.
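The "authenticate against it" step as a search-then-bind check, given here as an added example that is not part of the original post and not Rhythmyx code. LDAPS on port 636, the sAMAccountName lookup, and the class and method names are assumptions; the host and search base reuse the post's placeholders.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class AdBindCheck {
    // Assumed values: host and base are the post's placeholders; LDAPS/636 is an assumption.
    static final String URL = "ldaps://youradserver.school.edu:636";
    static final String BASE = "OU=Accounts,DC=school,DC=edu";

    // Escape a user-supplied value for use inside an LDAP search filter (RFC 4515).
    static String escapeFilter(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray()) {
            sb.append("\\*()\0".indexOf(c) >= 0 ? String.format("\\%02x", (int) c) : String.valueOf(c));
        }
        return sb.toString();
    }

    // Simple bind; unlike DIGEST-MD5, a simple bind accepts a distinguished name.
    static DirContext bind(String principal, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // True only if exactly one account matches the login and a bind as its DN succeeds.
    static boolean authenticate(String svcUser, String svcPass, String login, String password) {
        // An empty password turns a simple bind into an unauthenticated bind: reject it locally.
        if (password == null || password.isEmpty()) return false;
        try {
            DirContext svc = bind(svcUser, svcPass);
            try {
                SearchControls sc = new SearchControls();
                sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
                sc.setReturningAttributes(new String[0]); // only the DN is needed
                String filter = "(sAMAccountName=" + escapeFilter(login) + ")";
                NamingEnumeration<SearchResult> r = svc.search(BASE, filter, sc);
                String dn = r.hasMore() ? r.next().getNameInNamespace() : null;
                if (dn == null || r.hasMore()) return false; // no match or ambiguous match
                bind(dn, password).close();
                return true;
            } finally { svc.close(); }
        } catch (NamingException e) { return false; } // fail closed on any directory error
    }

    public static void main(String[] args) {
        System.out.println(escapeFilter("a*)(mail=*")); // constructed hostile login value
        System.out.println(authenticate("svc@school.edu", "x", "jdoe", "")); // constructed; rejected locally
    }
}
```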
barre57e,
thanks for the post. I’ll pass it on to our SEs who are working on getting this set up.
Thanks,
Veeren