Providing Single Sign-on HTTP NTLM/NTLMv2 Authentication

You can use the Oakland Software Java HTTP client to provide single sign-on authentication support for NTLMv2. This is accomplished by using the Oakland Software extensions to the JCIFS HTTP Authentication Filter to support NTLMv2 authentication from the client.

NOTE: there is a limitation in our implementation that does not support NTLMv2 authentication with SMB signing in conjunction with JCIFS (this limitation is applicable only to single sign-on). As of 13 September 2007, we know of no implementation that supports both NTLMv2 and SMB signing.

This is useful in the case where your browser or other HTTP clients require the use of NTLMv2 to authenticate. The current implementation of the JCIFS HTTP Authentication filter does not support NTLMv2 authentication (though it does support NTLM authentication).

The Oakland Software implementation of this filter is substantially identical to the JCIFS implementation, except that the class name for the actual filter is com.oaklandsw.http.servlet.NtlmHttpFilter. Configure this using the JCIFS instructions. You will also need to add the http.jar file to the lib directory of your web application (the same place you put the JCIFS JAR file).

This work is implemented using the JCIFS classes and modifying them slightly to call the Oakland Software authentication methods. Since this JCIFS code is licensed under LGPL, in accordance with that license, the modified source code is freely available under the LGPL license. This source provided code is for reference purposes; the complied version of these classes is part of the Oakland Software HTTP client distribution.