Authenticate with a Server not in domain

Apr 5, 2012 at 2:37 PM

I am writing you to ask help regarding a problem with SSO I am trying to solve in this weeks.
Currently I have 3 machines:

-A windows server running an Active Directory (demo.local)
-A client under the same Active Directory domain (demo.local\user)
-An Apache / Tomcat + Waffle server that is not under the domain.

With this kind of configuration, the client that tries to connect to the web server receives the classic popup for credentials and it's not able to authenticate.

Putting the Apache/Tomcat server on the same domain, solves the problem, but unfortunately it's not the kind of solution i can use. It would be the best way, but my customer won't change his institutional configurations only for me.

Then my question, is thera any other way to authenticate a client within a domain to a server that is not under a domain?

I've read about SPNs but i'm not sure it's the correct solution, i'm still searching about any other ways but i'm in a bad luck at the moment.

Any suggestion will be good.

I give you my thanks for any answer.

Apr 16, 2012 at 11:41 AM

You can't without supplying credentials (that's what the popup wants). The domain represents a trust that's required for the NTLM/Kerberos protocol.