[jcifs] single sign on for desktop based java application

Michael B Allen ioplex at gmail.com
Wed Nov 19 16:17:13 GMT 2008

On Wed, Nov 19, 2008 at 3:56 AM, Raghavendra MB <mb.ragu at gmail.com> wrote:
> Hi,
> I have a requirement to provide single sign on facility for windows
> admin/users in desktop based java application.
> the java program should run only if the user is authorized for that system.
> Please suggest me how to implement the solution for above requirement.

To do SSO from a desktop Java application you would have to use
something that has access to the user's NT username and password or
Kerberos credential cache. The only thing I know of that might work
would be the Keberos implementation of Sun's JRE. However, even Sun's
JAAS Kerberos module may have a problem with that. IIRC you had to
first do a Kerberos logon just to do anything related to Kerberos.
Meaning I'm not 100% positive that you can actually get a ticket using
an existing TGT. You have to get your own TGT which of course means
supply a domain, username and password.

I would simply try the latest JRE from Sun and try to get a Kerberos
ticket and hope it works without requiring a logon. But don't hold
your breath.


Michael B Allen
PHP Active Directory SPNEGO SSO

More information about the jcifs mailing list