Skip to content Skip to sidebar Skip to footer
Home / Active Directory / Android / Authentication / Java / Kerberos

Authenticating With Active Directory Via Kerberos

Post a Comment
I'm working on building an android application which requires different levels of authentication, and I would like to do so using Active Directory. From what I've read, using Kerbe

Solution 1:

For that you might be better off just staying completely within LDAP and don't venture into the kerberos. Kerberos gives you advantage of Single Sign On, but since your android app doesn't have any credentials already in place it doesn't really help you. I guess google had their own reasons not to include the javax.naming into the distro. It is pretty heavy stuff.

You might be able to either port the stuff yourself from java runtime library sources, or might be better off using native LDAP library. For example this one.

Just remember to use secure LDAP connection or at least secure authentication method. More info about this is here.

Solution 2:

I found the documentation here to be really useful when I was writing my code to authenticate with my Kerberos server. Here's how I authenticate with my kerberos server, but you might need to tweak it for yours (hence me including the link):

publicstaticfinalintREGISTRATION_TIMEOUT=30 * 1000; // msprivatestatic DefaultHttpClient httpClient;

privatestaticfinalAuthScopeSERVER_AUTH_SCOPE=newAuthScope("urls to kerberos server", AuthScope.ANY_PORT);


publicstatic DefaultHttpClient getHttpClient(){
    if(httpClient == null){
      httpClient = newDefaultHttpClient();
      finalHttpParamsparams= httpClient.getParams();
      HttpConnectionParams.setConnectionTimeout(params, REGISTRATION_TIMEOUT);
      HttpConnectionParams.setSoTimeout(params, REGISTRATION_TIMEOUT);
      ConnManagerParams.setTimeout(params, REGISTRATION_TIMEOUT);
    }
    return httpClient;
  }

  publicstaticbooleanauthenticate(String username, String password)
  {

    UsernamePasswordCredentialscreds=newUsernamePasswordCredentials(username, password);
    DefaultHttpClientclient= getHttpClient();
    client.getCredentialsProvider().setCredentials(SERVER_AUTH_SCOPE, creds);

    booleanauthWorked=false;
    try{
      HttpGetget=newHttpGet(AUTH_URI);
      HttpResponseresp= client.execute(get);
      authWorked = resp.getStatusLine().getStatusCode() != 403
    }
    catch(IOException e){
      Log.e("TAG", "IOException exceptions");
      //TODO maybe do something?
    }
    return authWorked;
  }

Solution 3:

Have you looked at using JCIFS? Based on these questions [1][2] and this site, JCIFS works under Android. The JCIFS site has a simple NTLM Authenticator example that could help get you started. However, based on this Samba list message, you will need to use LDAP and custom code to get the user's groups.

Solution 4:

Try this tutorial from Oracle. My code likes a charm. Hopefully everything is included in Android's VM distro.

You may like these posts

Post a Comment for "Authenticating With Active Directory Via Kerberos"