Connection from an IPAD...

Nov 27, 2012 at 5:46 PM

Hi to all. I have a problem. I'll try to explain, but sorry for my english.

I have successfully configured a Tomcat 6 with your product.

1. For a network specific for us I can connect to the tomcat using either through IP and hostname (supermario) using our MS Windows machines that requires domain authentication. In this way we connect to the authbysspi application immediately.
When we try to access the application using the full host name supermario.bros.com the browser asks to enter credentials. Would you mind explaining us why?

2. Using another network (based on wifi), when we connect through the same MS Windows via hostname supermario we connect immediately. Using full hostname supermario.bros.com we receive immediately a 401 This request requires HTTP authentication.

3. When we use an ipad, we receive always a 401 status code immediatly using either supermario or supermario.bros.com

Can you help me?

--
Roberto Simoni

Coordinator
Dec 2, 2012 at 6:08 PM
Edited Dec 2, 2012 at 6:09 PM

Hello,

Some questions:

1) Is tomcat running on the same computer than the broser used to test?

2) Is bros.com the name of your active directory domain?

3) Is tomcat running with the account Network service (service reseau in french) or local system?

4) Did you read http://tomcatspnego.codeplex.com/discussions/65015

5) If tomcat is not running with the accont system or network service, you must add a Service Principal Name (http\supermario.bros.com) to this account; for instance http://technet.microsoft.com/en-us/library/dd632778.aspx

5) Did you test with the example explOnlyT6FallbckUsrPwd? Your Ipad cannot use spnego, but you can use login/password if you cannot be authenticated with spnego.

I can help you, but I must have more information on your context.

Dominique

 

 

Dec 3, 2012 at 8:50 AM

Thanks Dominique, the answers:

1) no, tomcat is running on a different computer

2) I think so

3) tomcat is running with SYSTEM

4) No i haven't a link to that discussion, thanks

5) ah ok, to do those type of operations I depend upon a group that manage the network. I'm not able to change anything in network

[6)] no sorry I thought that when I install the DLL part I cannot use any other thing in different packages...

I have asked to our group that manage the network to help us and they suggest to use another library called WAFFLE (probably 'cause they have already experience with that, I think).
I don't know if next informations can help you to improve your library, but anyway:
    Trying that library I was able to run immediately your example called authbysspi, using the servlet filter called waffle.servlet.NegotiateSecurityFilter provided by WAFFLE and without asking to do any change on network (probably this remove configuration of AD from possible causes?)
    With this server filter we was able to run the application on all machines and on iPad too BUT only with Google Chrome.
    In logs I have found that when the connections is made with a NO MAC machine, the protocol used is Negotiate. Connecting with a iPad or Mac is always NTLM. Chrome was able to manage that NTLM but Safari stop after authentication saying "Connection dropped".
    Updating an init-param of the filter called waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols removing the NTLM from possible protocols solved the problem also on the Safari browser.

I hope this help you to improve your library.

Thanks
Bye 

   R

Coordinator
Dec 3, 2012 at 5:14 PM

Thanks for the return

I tested again the dll version with the address of the server, its netbios name or its FQDN.
For some raesons, I do not send the header WWW_Authenticate when the browser does not send information on an user wich can be authenticated. This dll version is not up to date like with jna or tcp. I added a parameter to do that.

An Ipad cannot be registered on Active Directory. So, only one question: did you give your name and password?

Thanks

Dominique

Dec 4, 2012 at 7:37 AM
No, I'm not able to do that. I received only 401 with iPad.

2012/12/3 doumeguerin <notifications@codeplex.com>
An Ipad cannot be registered on Active Directory. So, only one question: did you give your name and password?

Coordinator
Dec 15, 2012 at 11:19 AM

Hello,

Tomcat is running on windows 8 with the applications authbysspijna, authbysspitcp and authbysspicli.

This computer is used as an wifi hotspot. I tested with an iPhone (ios 6.1). It works with the parameter "onlyntlm" . With android 4.1, it works with the parameter "onlyntlm" or "spnegoandntlm".

With tomcat on a server registered on AD, I can also use an account defined on Active Directory.

Dominique