Combining Waffle and Com4j + Active Directory COM access thru ADO (described:
) works. I was able to authenticate NTLM login AND to get the UPN (User Principal Name:
and other AD info like user first name/last name, telephone number, etc.
* Waffle (unmodified) to authenticate the user at the Tomcat container level (SSO)
* In the different Java/Tomcat applications, I call a rather simple bean I developed from Kohsuke's Com4J example. It is shared (tomcat\sharedlib) and uses Com4J (also shared) to call the ActiveX objects IADs (to get the root LDAP context) and ADsDSOObject to query the AD (I do not need to bind with AD as Waffle already did it).
This was needed because JNA (used by Waffle) does not implement access to IAD and ADsDSOObject…
My idea of keeping Waffle unchanged and retrieving the user’s Active Directory information in the different applications (using a bean calling Com4J) is bad: you may have to dig deeper than expected because applications have a lot of legacy code due to the evolution in authentication systems.
Why not improve the security Principal to store all useful Active Directory data directly from Waffle?
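
Added example, not code from the post or from Waffle or Com4J: a bean like the one described has to turn the authenticated principal name into the command text handed to ADsDSOObject, and the name should be escaped before it enters the LDAP filter. The class and method names are hypothetical; it assumes the principal name arrives in `DOMAIN\user` form, that the lookup is by `sAMAccountName`, and that the base DN has already been read from the root context.

```java
/** Builds ADSI "LDAP dialect" command text: <base>;filter;attributes;scope */
public final class AdQueryBuilder {

    // Attributes the post mentions: UPN, first name, last name, telephone number.
    private static final String ATTRS = "userPrincipalName,givenName,sn,telephoneNumber";

    /** Escape a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                // ';' separates the fields of the command text, so hex-escape it too
                // (RFC 4515 allows any character to be written as \XX).
                case ';':  sb.append("\\3b"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Strip the "DOMAIN\" prefix (assumed format) from the principal name. */
    static String samAccountName(String principalName) {
        int slash = principalName.lastIndexOf('\\');
        String sam = slash >= 0 ? principalName.substring(slash + 1) : principalName;
        if (sam.isEmpty()) {
            throw new IllegalArgumentException("empty account name");
        }
        return sam;
    }

    static String commandText(String baseDn, String principalName) {
        String filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName="
                + escapeFilterValue(samAccountName(principalName)) + "))";
        return "<LDAP://" + baseDn + ">;" + filter + ";" + ATTRS + ";subTree";
    }

    public static void main(String[] args) {
        String base = "DC=example,DC=com";  // constructed sample value
        System.out.println(commandText(base, "EXAMPLE\\jdoe"));
        // Constructed name containing filter metacharacters: they come out hex-escaped.
        System.out.println(commandText(base, "EXAMPLE\\j(doe)*"));
    }
}
```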