5

I need to use NTLM V2 SSO for a web application deployed on Tomcat 6 (Red Hat Linux).

I know of the JCifs library, but its NTLM filter supports only NTLM V1 and not V2. They recommend JESPA as an alternative, but I would rather have an open source solution.

I know of Waffle, which does NTLM V1 and V2 with zero configuration but works only on servers deployed on Windows.

Do you know of an NTLM V2 SSO NTLM filter for application servers deployed on Linux?

Shawn
xask

5 Answers

3

There's a SourceForge project with a Java SSO servlet filter:

https://sourceforge.net/projects/ntlmv2auth/

Uses an NTLMv2 extension of JCIFS from the Liferay Portal project.

1

Try this --> http://tomcatspnego.codeplex.com/

Sid
0

Jespa is the premier NTLMv2 solution right now and it is what replaced the old JCIFS Filter:

http://www.ioplex.com/jespa.html

Just download the package and try the example webapp as described in the Requirements and Installation sections of the Jespa Operator's Manual. Once you see that work it should be fairly easy to incorporate it into your application. There is a Filter but there are other more sophisticated ways to integrate as well.

Jespa is a commercial solution.

squarewav
  • $500 per server does not really work for most use cases; it is easier for most enterprises to buy Windows and use Waffle. Linux/Jespa is hard to sell with the $500 price tag. – Tony BenBrahim Jul 31 '13 at 10:33
0

Oakland Software supports NTLM v2. See http://oaklandsoftware.com/product_http/compare.html.

Shawn
  • Not as an SSO filter, only as an HTTP client, and that product has been moved to open source: http://code.google.com/p/oakland-software-java-http-client/ – Francis Upton IV Nov 07 '11 at 15:46
0

Go for Kerberos. NTLM is proprietary and insecure compared to Digest and Kerberos.

Michael-O
  • This is totally false. NTLMv2 is not insecure. Claims about hacking NTLM refer to cracking raw password hashes which requires first breaking into a domain controller and extracting the secure keystore. Strange they leave that detail out. – squarewav Sep 10 '14 at 15:05
  • NTLM is proprietary and closed. Security by obscurity does not work. Neither does NTLM. – Michael-O Sep 10 '14 at 16:43
  • There is a document on Microsoft's website called "[MS-NLMP] NTLM LAN Manager (NTLM) Authentication Protocol" that describes every detail of NTLMv2 and includes pseudo-code of each cryptographic operation. The document is freely available on Microsoft's website and is easy to find. MS has documented most of their communications protocols in this way. – squarewav Sep 12 '14 at 02:00
  • @ioplex, good to know, thanks, but that doesn't make it open. Still proprietary. – Michael-O Sep 12 '14 at 09:35