[jboss-jira] [JBoss JIRA] (SECURITY-640) Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.

Derek Horton (JIRA) issues at jboss.org
Wed Apr 16 12:30:33 EDT 2014 

     [ https://issues.jboss.org/browse/SECURITY-640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Derek Horton updated SECURITY-640:
----------------------------------

    Git Pull Request: https://github.com/wildfly/jboss-negotiation/pull/4

    
> Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: SECURITY-640
>                 URL: https://issues.jboss.org/browse/SECURITY-640
>             Project: PicketBox 
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Negotiation
>         Environment: Active Directory  Winwos 2003, Client Machine windows XP, Jboss Server Machine Window XP and Jboss 6.1
>            Reporter: Hrishi Salvi
>            Assignee: Derek Horton
>             Fix For: Negotiation_2_3_0_CR2
>
>
> We are trying to configure the single sign on using jboss negotiation.
> We are able to login successfully if the user is present in active directory.
> But in case if user is not present in active directory users, it throw 401 error page.
> Instead of 401 we want user to access login form and authenticate user using different login module.
> In our case we have login page we authenticate user on that page.
> If we receive user credentials we login the user without asking for password.
> Now if the user credentials are not received then we want user to open login form present
> on login page, but before that is throws 401 error.
> We have configure the login-config.xml, web.xml and jboss-web.xml as per the documentation.
> Also defined 
>  <web-resource-collection>
> 			<web-resource-name>Restricted</web-resource-name>
> 			<url-pattern>/Request</url-pattern>
> 			<http-method>GET</http-method>
> 			<http-method>POST</http-method>
> 	  </web-resource-collection> 
> in web.xml
> Our application is access through Request servlet.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list