[jboss-jira] [JBoss JIRA] (SECURITY-640) Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.

Darran Lofthouse (JIRA) issues at jboss.org
Mon Sep 1 08:06:01 EDT 2014 

     [ https://issues.jboss.org/browse/SECURITY-640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse reopened SECURITY-640:
---------------------------------------


> Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: SECURITY-640
>                 URL: https://issues.jboss.org/browse/SECURITY-640
>             Project: PicketBox 
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Negotiation
>         Environment: Active Directory  Winwos 2003, Client Machine windows XP, Jboss Server Machine Window XP and Jboss 6.1
>            Reporter: Hrishi Salvi
>            Assignee: Derek Horton
>             Fix For: Negotiation_2_2_8, Negotiation_2_3_0_CR2
>
>
> We are trying to configure the single sign on using jboss negotiation.
> We are able to login successfully if the user is present in active directory.
> But in case if user is not present in active directory users, it throw 401 error page.
> Instead of 401 we want user to access login form and authenticate user using different login module.
> In our case we have login page we authenticate user on that page.
> If we receive user credentials we login the user without asking for password.
> Now if the user credentials are not received then we want user to open login form present
> on login page, but before that is throws 401 error.
> We have configure the login-config.xml, web.xml and jboss-web.xml as per the documentation.
> Also defined 
>  <web-resource-collection>
> 			<web-resource-name>Restricted</web-resource-name>
> 			<url-pattern>/Request</url-pattern>
> 			<http-method>GET</http-method>
> 			<http-method>POST</http-method>
> 	  </web-resource-collection> 
> in web.xml
> Our application is access through Request servlet.



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)

More information about the jboss-jira mailing list