Is it possible to use the credentials (or even a token, that a user entered when he logged in windows, lets say XP). what I am in search here is not applying a single sign on (which requires signing in again), but the single sign on would be that of the MS windows log-in window.
Is this possible? I understand security in windows is of high importance as well, but isn't there a way to get a token and use it in some other authentication mechanism?
Note: first and only sign in would be that of the Microsoft Windows Log in window and then the user would be able to access my application using the cached credentials (but without re loggin in).
Application and network credentials are stored in the Windows Credentials locker. Credential Lockers store credentials in encrypted . vcrd files, located under %Systemdrive%\Users\[Username]\AppData\Local\Microsoft\[Vault/Credentials]\ . The encryption key can be found in a file named Policy.
Credential Manager is the "digital locker" where Windows stores log-in credentials like usernames, passwords, and addresses. This information can be saved by Windows for use on your local computer, on other computers in the same network, servers or internet locations such as websites.
Windows 10Press the Windows key on the keyboard or click the Windows Start icon. Start typing Credential Manager, and select the Credential Manager icon. On the resulting screen you will see the choice to manage your Web Credentials or you Windows Credentials.
To open Credential Manager, type credential manager in the search box on the taskbar and select Credential Manager Control panel. Select Web Credentials or Windows Credentials to access the credentials you want to manage.
You can do it if your machine is a member of domain. Google for GSSAPI. And use this string for your login module configuration:
com.sun.security.auth.module.Krb5LoginModule required debug=true useTicketCache=true doNotPrompt=true;
Note, this works only for Sun's JVM, as far as I know IBM JVMs do not support getting the ticket from OS.
Also, here is more information for you: http://msmvps.com/blogs/sp/archive/2007/06/05/integrating-java-jdbc-and-kerberos.aspx
Also, for this to work on modern version of Windows you have to tweak your registry settings:
On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
allowtgtsessionkey
REG_DWORD
0x01
Here is the location of the registry setting on Windows XP SP2:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\
allowtgtsessionkey
REG_DWORD
0x01
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With