[jcifs] NTLM Auth, custom login page
Laurent Michenaud
lmichenaud at adeuza.fr
Wed Oct 20 16:23:54 GMT 2004
I think that Oracle SSO uses the user-agent.
With IE, automatic authentification activated => i am logged and we can
see a 401 status code in the Apache log
With IE, automatic authentification desactivated => i've got the login
dialog box of the browser and we can see a 401 status code in the Apache log
With Firefox => i am redirected to the sso login page and there is no
401 status code in the Apache log
Is there any way to "crack" the user-agent property in the browser so
that, for example, the sso server believes it is IE instead of firefox ?
Scovetta, Michael V a écrit :
>I think the problem is that browsers do not announce the fact that they do silent vs. non-silent authentication. That's an application-level event-- there's simply nothing to pass to the client to have them do it, and from the server's point of view, when the auth comes back, it looks identical whether it comes from IE or firefox.
>
>I may be wrong, of course-- someone please correct me if I am...
>
>Thanks--
>M
>
>-----Original Message-----
>From: Laurent Michenaud [mailto:lmichenaud at adeuza.fr]
>Sent: Wednesday, October 20, 2004 10:49 AM
>To: Scovetta, Michael V
>Cc: jcifs at lists.samba.org
>Subject: Re: [jcifs] NTLM Auth, custom login page
>
>I think it is not the clean way.
>
>In the NTLM process, at which step u know that the browser doesnot
>support silent login ?
>
>The best from my point of view would be to have in the jcifs properties
>something like :
>jcifs.redirect.login.url = http://mywebapp/login.jsp
>
>This page would be called when browser silent login fails.
>The login page may submit the login/password value to a jcifs servlet
>that will do NTLM authentification.
>
>It is a kind of feature request ;)
>
>Scovetta, Michael V a écrit :
>
>
>
>>Laurent,
>>
>>If you either add a filter before jcifs or modify the jcifs filter, you
>>can make a choice depending on the user-agent passed in the headers.
>>It's not fool-proof, but you should be able to get pretty accurate. A
>>list of user-agents is here:
>> http://www.zytrax.com/tech/web/browser_ids.htm
>>
>>Mike
>>
>>-----Original Message-----
>>From: jcifs-bounces+michael.scovetta=ca.com at lists.samba.org
>>[mailto:jcifs-bounces+michael.scovetta=ca.com at lists.samba.org] On Behalf
>>Of Laurent Michenaud
>>Sent: Wednesday, October 20, 2004 7:52 AM
>>To: jcifs at lists.samba.org
>>Subject: [jcifs] NTLM Auth, custom login page
>>
>>Hi,
>>
>>I've tested the NTLM auth example and it works great with IE.
>>The user is automatically identified.
>>I have tested with Firefox and i've got the traditionnal login/password
>>dialog
>>box.
>>
>>What i would like is, if the browser ( like firefox ) doesnot support
>>"silent login" like
>>IE, to redirect to a custom login page so that the user can
>>authentified.
>>
>>Is it possible to configure that with jcifs ?
>>
>>Thanks
>>
>>
>>
>>
>>
>>
>>
>
>
>
>
>
>
More information about the jcifs
mailing list