Discussing the nuts and bolts of software development

Tuesday, October 23, 2007

 

Easy NTLM Authentication in Java Web Apps

A common requirement of web apps on corporate intranets is NTLM HTTP authentication. This allows a web browser to log in automatically by providing the user's network password, without the user having to manually go through a login dialog.

NTLM authentication is a staple feature of Windows-only IIS, but what if you want to offer NTLM authentication from a web server hosted on a Linux machine?

Recently I used the jCIFS NTLM Authentication module (http://jcifs.samba.org/src/docs/ntlmhttpauth.html). Literally all I had to do was drop a .jar file into the lib/ directory of my Java web app and copy-paste some options into my web.xml file. In minutes, my web app was authenticating users' NT credentials against the network's domain controller, and logging them in automatically.

The source code is open and seems easily editable, which is a good thing because the NTLM authentication is pretty basic. For example, if a browser doesn't provide correct NT credentials, by default the web app will just keep prompting for credentials ad infinitum. I should be able to go in there and code a limited number of retries.
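
One way to implement the limited retries mentioned above, as an added example that is not code from this post or from jCIFS: a counter that treats only a rejected NTLM Type 3 message as a failed login. The class name `NtlmRetryLimiter`, its methods, the limit of 3 and the `session-abc` key are assumptions, as is the premise that the authenticating filter answers a rejected login with 401.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example (hypothetical class, not part of jCIFS): caps failed NTLM logins per client.
public class NtlmRetryLimiter {
    private static final byte[] SIGNATURE = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);
    private final int maxFailures;
    private final Map<String, Integer> failures = new ConcurrentHashMap<>();

    public NtlmRetryLimiter(int maxFailures) { this.maxFailures = maxFailures; }

    // NTLM message type (1, 2 or 3) carried in an Authorization header, or -1 if it is not NTLM.
    static int messageType(String header) {
        if (header == null || !header.startsWith("NTLM ")) return -1;
        byte[] msg;
        try { msg = Base64.getDecoder().decode(header.substring(5).trim()); }
        catch (IllegalArgumentException e) { return -1; } // malformed base64
        if (msg.length < 12 || !Arrays.equals(Arrays.copyOf(msg, 8), SIGNATURE)) return -1;
        // The type is a little-endian 32-bit integer at offset 8, after the 8-byte signature.
        return (msg[8] & 0xff) | (msg[9] & 0xff) << 8 | (msg[10] & 0xff) << 16 | (msg[11] & 0xff) << 24;
    }

    // Call once the authenticating filter has answered. Only a rejected Type 3 message is a
    // failed login; the 401s answering a missing header or a Type 1 message are handshake steps.
    // Returns false when the caller should stop challenging (for example, answer 403 instead).
    public boolean mayChallengeAgain(String clientKey, String header, int status) {
        boolean type3 = messageType(header) == 3;
        if (type3 && status == 401) return failures.merge(clientKey, 1, Integer::sum) < maxFailures;
        if (type3 && status < 400) failures.remove(clientKey); // accepted: reset the counter
        return failures.getOrDefault(clientKey, 0) < maxFailures;
    }

    // Constructed sample header: signature and type field only, not a full NTLM message.
    static String sampleHeader(int type) {
        byte[] msg = Arrays.copyOf(SIGNATURE, 12);
        msg[8] = (byte) type;
        return "NTLM " + Base64.getEncoder().encodeToString(msg);
    }

    public static void main(String[] args) {
        NtlmRetryLimiter limiter = new NtlmRetryLimiter(3);
        String[] headers = { null, sampleHeader(1), sampleHeader(3), sampleHeader(3), sampleHeader(3) };
        for (String h : headers) // every constructed request here is answered with 401
            System.out.println(messageType(h) + " -> " + limiter.mayChallengeAgain("session-abc", h, 401));
    }
}
```

In a servlet filter placed around the authenticating filter, pass in the request's `Authorization` header and the response status, and answer 403 once the method returns false.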



