AuthFilter
Single Sign-On
MapleSail AuthFilter is a servlet authentication filter that enables Kerberos Single Sign-On (SSO) for J2EE platforms in a Microsoft Active Directory environment. You can easily add AuthFilter to your web application to authenticate Windows users without requiring them to provide user name and password.Credential Delegation
Using AuthFilter, you can also get the delegated Kerberos credential and perform end-to-end SSO to other protected resource like back-end servers or databases. The following code snap shows you how to get the delegated credential,GSSCredential.
import com.maplesail.security.Context; GSSContext context = Context.GetGSSContext(request); GSSCredential gssCredential = context.getDelegCred();
Deployment
The implementation of the filter is based on standard Java SE SPNEGO support, so it requires the setup of JAAS login configuration file and Kerberos configuration file. To learn more about how to deploy the AuthFilter, please read the deployment guide, which is also included in the release package.
Known Limitations
- Kerberos Constrained Delegation is not supported.
- Microsoft NTLM authentication protocol is not supported.