Is it possible to use the credentials (or even a token, that a user entered when he logged in windows, lets say XP). what I am in search here is not applying a single sign on (which requires signing in again), but the single sign on would be that of the MS windows log-in window.
Is this possible? I understand security in windows is of high importance as well, but isn’t there a way to get a token and use it in some other authentication mechanism?
Note: first and only sign in would be that of the Microsoft Windows Log in window and then the user would be able to access my application using the cached credentials (but without re loggin in).
You can do it if your machine is a member of domain. Google for GSSAPI. And use this string for your login module configuration:
Note, this works only for Sun’s JVM, as far as I know IBM JVMs do not support getting the ticket from OS.
Also, here is more information for you: http://msmvps.com/blogs/sp/archive/2007/06/05/integrating-java-jdbc-and-kerberos.aspx
Also, for this to work on modern version of Windows you have to tweak your registry settings:
On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:
allowtgtsessionkeyREG_DWORD0x01Here is the location of the registry setting on Windows XP SP2:
allowtgtsessionkeyREG_DWORD0x01