[jcifs] Problem Authenticating with IE 6.0 SP2 with login-protected pages in iframes

Ingo Rockel irockel at pironet-ndh.com
Fri Mar 30 08:46:25 GMT 2007

Hi again,

we found the problem, jcifs 1.0.1 didn't use all DCs if a wins was 
configured, just the first one. In a iframes context the IE does the 
auth for every frame which causes a mix up of app-server-sessions if 
cookies are used, the credentials are cached in the session but if there 
are more then one DC they might be used again for the wrong DC.



Ingo Rockel schrieb:
> Hi,
> we are currently in the progress of updating a customers system where we 
> use jcifs for auto-login into our J2EE application from WinXP/IE SP2 
> workstations. In the old version of our application we used jcifs 1.0.1 
> for authentication. The new version of our application uses jcifs 1.2.9.
> The J2EE application is also embedded into a Portal-Site via iframes. If 
> the application is accessed directly auto-login via jcifs works just 
> fine. If content from the application is included via iframes the 
> authentication fails with jcifs 1.2.9 (either auth-failure pages or a 
> login dialog pops up) but works just fine with the old version.
> We can reproduce this problem if we are using a simple local html-file 
> with iframes which includes content from our application. Strange 
> though, we can only reproduce this at the customers site. We are unable 
> to reproduce it in-house. The customer found the following KB-article at 
> microsoft:
> http://support.microsoft.com/kb/312176/EN-US/
> with a suggested workaround to set a "MaxConnectionsPerServer" to 1. If 
> this param is set to 1, auth works fine with jcifs 1.2.9 but 
> unfortunately the customers needs this value to be 8 for another 
> application.
> We also tried to set the ssnLimit to 1 without success. We are currently 
> testing a backport of the old jcifs but I would be happy if someone has 
> an idea what might cause this problem as backporting full support for 
> the old jcifs version would be a lot of work.
> Thanx and kind regards,
>     Ingo

Dipl. Inf. Ingo Rockel - Produktentwicklung
Maarweg 149-161, 50825 Koeln
Tel.: +49 (0)221-770-1788 / Fax: +49 (0)221-770-1005
mailto:irockel at pironet-ndh.com - http://www.pironet-ndh.com

PIRONET NDH AG, Sitz Koeln, HRB 26734, AG Koeln
Vorsitzender des Aufsichtsrats: Klaus Wiegandt
Vorstand: Hans-Werner Scherer (Vorsitz), Ulf Adebahr, Felix Höger

More information about the jcifs mailing list