[jboss-jira] [JBoss JIRA] (SECURITY-640) Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.

Hrishi Salvi (JIRA) jira-events at lists.jboss.org
Fri Jan 13 06:01:24 EST 2012 

    [ https://issues.jboss.org/browse/SECURITY-640?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12659166#comment-12659166 ] 

Hrishi Salvi commented on SECURITY-640:
---------------------------------------

Darran, thanks for quick response; can you share forum link where we can raise this? We are using JBoss 6.1, Jboss Negotiation Version: 2.1.0.GA which is by default shipped with Jboss 6.1, we have not made any changes in jar.
                
> Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: SECURITY-640
>                 URL: https://issues.jboss.org/browse/SECURITY-640
>             Project: PicketBox (JBoss Security and Identity Management)
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Negotiation
>         Environment: Active Directory  Winwos 2003, Client Machine windows XP, Jboss Server Machine Window XP and Jboss 6.1
>            Reporter: Hrishi Salvi
>            Assignee: Darran Lofthouse
>
> We are trying to configure the single sign on using jboss negotiation.
> We are able to login successfully if the user is present in active directory.
> But in case if user is not present in active directory users, it throw 401 error page.
> Instead of 401 we want user to access login form and authenticate user using different login module.
> In our case we have login page we authenticate user on that page.
> If we receive user credentials we login the user without asking for password.
> Now if the user credentials are not received then we want user to open login form present
> on login page, but before that is throws 401 error.
> We have configure the login-config.xml, web.xml and jboss-web.xml as per the documentation.
> Also defined 
>  <web-resource-collection>
> 			<web-resource-name>Restricted</web-resource-name>
> 			<url-pattern>/Request</url-pattern>
> 			<http-method>GET</http-method>
> 			<http-method>POST</http-method>
> 	  </web-resource-collection> 
> in web.xml
> Our application is access through Request servlet.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list