Re: WAS 6 NTLM TAI SSO module - Websphere

This is a discussion on Re: WAS 6 NTLM TAI SSO module - Websphere ; Hi Scott, I tried your TAI module. It works great except for the POST problem. Can you explain your solution? Thanks, noam...

+ Reply to Thread
Results 1 to 5 of 5

Thread: Re: WAS 6 NTLM TAI SSO module

  1. Re: WAS 6 NTLM TAI SSO module

    Hi Scott,
    I tried your TAI module. It works great except for the POST problem.
    Can you explain your solution?

    Thanks,
    noam

  2. Scott's solution to the POST problem

    Scott posted another version of the TAI that solves the POST problem:
    http://groups.google.com/group/ibm.s...60752de3078aef


  3. Re: Scott's solution to the POST problem

    noamhoffer@gmail.com wrote:
    > Scott posted another version of the TAI that solves the POST problem:
    > http://groups.google.com/group/ibm.s...60752de3078aef
    >


    He also says:

    "This approach may not necessarily be secure (NTLM itself is not that
    secure), but it would be a poor man's approach to SSO in WAS. "


    I have a hard time seeing the benefit of an insecure way of integrating
    with WebSphere security. This is dangerous, because people will likely
    use it without understanding the limitations. The SPNEGO TAI that ships
    with WAS 6.1 *is* secure.

  4. Re: Scott's solution to the POST problem

    I have successfully gotten the 3-step NTLM challenge/response working using nothing but the JCIFS NtlmHttpFilter deployed to WebSphere 6.1 if I use Firefox as the browser. Similarly, the same filter & servlet work when deployed on Tomcat 6.x from either Firefox or IE. But when I try IE6 against WebSphere 6.1, IE sends request #1 and request #2 but WebSphere appears to close the connection after request #2 is sent. I can step through it in a debugger and see that request #1 and #2 are both sent and processed without any kind of error, but after request #2 leaves the filter, the next thing you know, IE is saying "This page can not be displayed".



    Everything I've been able to "sniff" shows that the app server is closing the connect after the 2nd request.



    Has anyone been able to get NTLM working with IE6/WebSphere 6.1 using nothing but the JCIFS HtlmHttpFilter?



    Thanks in advance,



    Mike Gorman

  5. Re: Scott's solution to the POST problem

    Just to give an update - I upgraded to the latest fix pack of WAS 6.1 (6.1.0.17) and everything is now working.



    So for anyone trying to do NTLM-based SSO using nothing but the JCIFS filter, you're going to want to get the latest fix pack of WAS before you try it.



    mg

+ Reply to Thread