Situation:
Operations Center server and Java client running in a Windows AD environment.
The existing SSO option for the Operations Center Java client is far too complicated to implement (it requires an additional reverse proxy, among other things) and is not preferred by customers.

Solution:
The Windows AD credentials of the logged-on user could be reused by the Operations Center Java client, so that the Operations Center user does not need to log in to the Java client a second time: he or she has already been authenticated to AD on the given Windows PC, and the Operations Center server, on the other side of the security chain, has the same user synchronized from the AD server via LDAP.

Proposed logic:
- during startup, the Operations Center Java client reads the local PC's security context (the logged-on user) in the form of the fully qualified AD distinguished name
- this string is compared against the Operations Center server's database of known users
- if a match is found, the client starts with that user's access rights and without showing the login window; otherwise the default login window appears
- this is only allowed if a specific property on the server side is set to ENABLED
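The four steps above as client-side decision logic, written here as an added Java example (it is not Operations Center code and is not taken from the linked article). It assumes JNA Platform (net.java.dev.jna:jna-platform) on the class path for the Windows identity lookup, a hypothetical server property name `opcenter.login.adPassThrough`, and a user database modelled as a map from AD distinguished name to Operations Center user name; the DNs and settings in `main` are constructed sample data. One caveat a reviewer would raise: a DN the client reads from its own session is a claim, not a proof. The server cannot tell it apart from a string an attacker typed, so it must not grant a session on the match alone; the match decides whether the login window is skipped, but the server still has to verify something the client cannot forge, such as a Kerberos/SPNEGO token from the logged-on session.

```java
import com.sun.jna.Platform;
import com.sun.jna.platform.win32.Secur32;
import com.sun.jna.platform.win32.Secur32Util;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.function.Supplier;

/**
 * Client-side decision logic for the AD identity pass-through proposed above.
 * Added example, not Operations Center code. The Windows lookup needs JNA Platform;
 * the matching logic itself runs on any host.
 */
public class AdPassThroughLogin {

    /** Hypothetical server-side switch; the proposal does not name the real property. */
    static final String PASS_THROUGH_PROPERTY = "opcenter.login.adPassThrough";

    /**
     * Step 1: read the interactive user's fully qualified AD distinguished name from the
     * local Windows session (GetUserNameEx with NameFullyQualifiedDN, via JNA).
     * Empty on non-Windows hosts and for local (non-domain) accounts, which have no DN.
     */
    static Optional<String> localWindowsUserDn() {
        if (!Platform.isWindows()) {
            return Optional.empty();
        }
        try {
            String dn = Secur32Util.getUserNameEx(Secur32.EXTENDED_NAME_FORMAT.NameFullyQualifiedDN);
            return (dn == null || dn.isEmpty()) ? Optional.empty() : Optional.of(dn);
        } catch (RuntimeException e) {   // JNA reports GetUserNameEx failures as Win32Exception
            return Optional.empty();
        }
    }

    /**
     * Steps 2-4: returns the matched Operations Center user name, or empty when the
     * default login window has to be shown.
     *
     * SECURITY NOTE: the DN is supplied by the client and is only a claim. The server must
     * not open a session on this string alone; it still needs a credential the client cannot
     * forge (e.g. a Kerberos/SPNEGO token) before it trusts the identity.
     */
    static Optional<String> resolvePassThroughUser(Map<String, String> serverProperties,
                                                   Map<String, String> knownUsersByDn,
                                                   Supplier<Optional<String>> localIdentity) {
        // Step 4: the feature is off unless the server explicitly enables it.
        if (!"ENABLED".equalsIgnoreCase(serverProperties.get(PASS_THROUGH_PROPERTY))) {
            return Optional.empty();
        }
        Optional<String> raw = localIdentity.get();
        if (!raw.isPresent()) {
            return Optional.empty();
        }
        // Step 2: compare as parsed LDAP names, not raw strings. LdapName.equals ignores
        // case of attribute types and values and handles escaped separators ("CN=Doe\, Jane"),
        // so formatting differences between AD and the user database do not cause mismatches.
        LdapName local;
        try {
            local = new LdapName(raw.get());
        } catch (InvalidNameException e) {
            return Optional.empty();     // not a DN (e.g. a SAM-style name): show login window
        }
        for (Map.Entry<String, String> entry : knownUsersByDn.entrySet()) {
            try {
                if (local.equals(new LdapName(entry.getKey()))) {
                    return Optional.of(entry.getValue());   // Step 3: start with this user's rights
                }
            } catch (InvalidNameException e) {
                // malformed DN stored for this user: it can never match, skip it
            }
        }
        return Optional.empty();
    }

    public static void main(String[] args) {
        // Constructed sample data standing in for the server's user database and settings.
        Map<String, String> knownUsers = new LinkedHashMap<>();
        knownUsers.put("CN=Jane Doe,OU=Users,DC=example,DC=com", "jdoe");
        knownUsers.put("CN=Ops Admin,OU=Admins,DC=example,DC=com", "opsadmin");

        Map<String, String> enabled = new LinkedHashMap<>();
        enabled.put(PASS_THROUGH_PROPERTY, "ENABLED");
        Map<String, String> disabled = new LinkedHashMap<>();
        disabled.put(PASS_THROUGH_PROPERTY, "DISABLED");

        // Simulated local identity (different case and spacing than the database entry)
        // so the decision logic can be exercised on a machine that is not domain-joined.
        Supplier<Optional<String>> simulated =
                () -> Optional.of("cn=jane doe, ou=users, dc=example, dc=com");

        System.out.println("enabled + match : " + resolvePassThroughUser(enabled, knownUsers, simulated));
        System.out.println("server disabled : " + resolvePassThroughUser(disabled, knownUsers, simulated));
        System.out.println("unknown user    : " + resolvePassThroughUser(enabled, knownUsers,
                () -> Optional.of("CN=Stranger,DC=example,DC=com")));
        // In the real client the supplier is the Windows lookup instead of the simulated DN.
        System.out.println("this machine    : " + resolvePassThroughUser(enabled, knownUsers,
                AdPassThroughLogin::localWindowsUserDn));
    }
}
```

The identity source is passed in as a `Supplier` so the same decision code runs against a simulated DN during development and against `localWindowsUserDn` on a domain-joined PC; non-domain accounts and non-Windows hosts resolve to the login window rather than to an error.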

For the Java code on the client side, the following link might help:
http://tuhrig.de/a-windows-sso-for-java-on-client-and-server/

Comments

  • Thanks for the input. I am working on it and will get back to you.