I am trying to implement NTLM authentication on one of our internal sites and everything is working. The one piece of the puzzle I do not have is how to take the information from NTLM and authenticate with Active Directory.
I am using ColdFusion but a solution to this problem can be in any language (Java, Python, PHP, etc).
I am using ColdFusion on Red Hat Enterprise Linux. Unfortunately we cannot use IIS to manage this and instead have to write or use a third-party tool for this.
Update – I got this working and here is what I did:
I went with the JCIFS library from samba.org.
Note that the method below will only work with NTLMv1 and DOES NOT work with NTLMv2. If you are unable to use NTLMv1 you can try Jespa, which supports NTLMv2 but is not open source, or you can use Kerberos/SPNEGO.
Here is my web.xml:
<web-app>
    <display-name>Ntlm</display-name>
    <filter>
        <filter-name>NtlmHttpFilter</filter-name>
        <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
        <init-param>
            <param-name>jcifs.http.domainController</param-name>
            <param-value>dc01.corp.example.com</param-value>
        </init-param>
        <init-param>
            <param-name>jcifs.smb.client.domain</param-name>
            <param-value>CORP.EXAMPLE.COM</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>NtlmHttpFilter</filter-name>
        <url-pattern>/admin/*</url-pattern>
    </filter-mapping>
</web-app>
Now all URLs matching /admin/* will require NTLM authentication.
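Because the filter above only handles NTLMv1, it helps to see which response a client actually sends. The following is an added example, not part of the original post or of JCIFS: it parses the Type 3 message from an `Authorization: NTLM …` header and reports the response version, domain and user. The function names and the sample message are constructed for illustration.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
NEGOTIATE_UNICODE = 0x00000001

def _field(msg, pos):
    """Return (offset, data) for the security buffer (len, maxlen, offset) at pos."""
    length, _alloc, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("security buffer points outside the message")
    return offset, msg[offset:offset + length]

def classify(header_value):
    """Classify the value of an 'Authorization: NTLM <base64>' request header."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM header")
    msg = base64.b64decode(token.strip(), validate=True)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    msg_type = struct.unpack_from("<I", msg, 8)[0]
    if msg_type != 3:  # only Type 3 (authenticate) carries the responses
        return {"type": msg_type}
    if len(msg) < 52:
        raise ValueError("truncated Type 3 message")
    fields = [_field(msg, pos) for pos in (12, 20, 28, 36)]  # LM, NT, domain, user
    nt, domain, user = (data for _off, data in fields[1:])
    # The flags word at offset 60 exists only when the payload starts at 64 or later.
    payload_start = min((off for off, data in fields if data), default=0)
    wide = payload_start >= 64 and struct.unpack_from("<I", msg, 60)[0] & NEGOTIATE_UNICODE
    enc = "utf-16-le" if wide else "latin-1"
    # 24 bytes: NTLMv1 (or NTLM2 session) response; longer: NTLMv2 response with blob.
    version = "NTLMv1" if len(nt) == 24 else "NTLMv2" if len(nt) > 24 else "unknown"
    return {"type": 3, "version": version,
            "domain": domain.decode(enc), "user": user.decode(enc)}

def build_sample(nt_len, user="alice", domain="CORP"):
    """Constructed Type 3 message with a zero-filled NT response of nt_len bytes."""
    parts = [b"\x00" * 24, b"\x00" * nt_len, domain.encode("utf-16-le"),
             user.encode("utf-16-le"), b"", b""]  # LM, NT, domain, user, host, key
    header, payload = SIGNATURE + struct.pack("<I", 3), b""
    for part in parts:
        header += struct.pack("<HHI", len(part), len(part), 64 + len(payload))
        payload += part
    header += struct.pack("<I", NEGOTIATE_UNICODE)
    return "NTLM " + base64.b64encode(header + payload).decode()
```

A client that reports "NTLMv2" here will not authenticate through the NTLMv1-only filter, which points to Jespa or Kerberos/SPNEGO as noted above.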