I am working on a grails web application which uses Apache Shiro for authentication purpose. Now I have been asked to implement SSO and Active directory integration to this application. Since I am new to LDAP/AD I have hard time to implement it pro开发者_运维问答perly.
Here is what I did, I generated a ShiroLdapRealm.groovy file by executing following command as mentioned on some websites.
grails create-ldap-realm
Then I added few configuration properties for LDAP in grails-app/conf/Config.groovy.
ldap.server.url = "ldap://localhost:10389"
ldap.search.base = "ou=users,ou=system"
ldap.search.user = "uid=admin,ou=system"
ldap.search.pass = "secret"
ldap.username.attribute = "uid"
ldap.skip.authentication = false
ldap.skip.credentialsCheck = false
ldap.allowEmptyPasswords = false
But now I am unsure about how to get the currently logged in windows user in my application and provide a UsernamePasswordToken to authenticate against this generated ShiroLdapRealm. I simply want to provide a SSO experience with shiro where user comes from Windows Active Directory. I was not able to find any good documentation for this.
Also I am confused about whether to use ShiroLdapRealm or ActiveDirectoryRealm as mentioned in some posts. What could be difference between these two? Which one to use when?
Can anybody please help me on this.
Thanks in advance.
Ahsan
Your approach is, unfortunately, useless. This won't bring you any single sign-on. You have to write a KerberosRealm which will handle tickets from the client. This will give you full SSO.
精彩评论