Authenticating with Active Directory via Kerberos

Cody · Oct 10, 2011 · Viewed 9.3k times

I'm working on building an Android application which requires different levels of authentication, and I would like to do so using Active Directory.

From what I've read, using Kerberos is the way Microsoft suggests. How do I do this for Android? I see the javax.security.auth doc, but it doesn't tell me too much.

I also saw a note somewhere that Kerberos does not contain user groups - is this true? In that case, would I have to somehow combine LDAP as well?

EDIT

The main goal here is achieving an LDAP connection to the Active Directory in order to authenticate and give the user correct permissions for the enterprise Android application. The real barrier here is the fact that Google left out many of the Java Web Services APIs from its port to Android (i.e. javax.naming). Also, many of the connection mechanisms in the Android jar seem to be only included as legacy code, and they in fact actually do nothing.

Answer

Kurtis Nusbaum · Oct 26, 2011

I found the documentation here to be really useful when I was writing my code to authenticate with my Kerberos server. Here's how I authenticate with my Kerberos server, but you might need to tweak it for yours (hence me including the link):

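    import java.io.IOException;

    import org.apache.http.HttpEntity;
    import org.apache.http.HttpResponse;
    import org.apache.http.auth.AuthScope;
    import org.apache.http.auth.UsernamePasswordCredentials;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.conn.params.ConnManagerParams;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.apache.http.params.HttpConnectionParams;
    import org.apache.http.params.HttpParams;

    import android.util.Log;

    // Class name is a placeholder; the original post showed only the members.
    public class KerberosAuth {

        public static final int REGISTRATION_TIMEOUT = 30 * 1000; // ms

        // Placeholder: URL of a resource that requires authentication
        // (referenced but not defined in the original post).
        private static final String AUTH_URI = "url of protected resource";

        private static DefaultHttpClient httpClient;

        private static final AuthScope SERVER_AUTH_SCOPE =
            new AuthScope("urls to kerberos server", AuthScope.ANY_PORT);

        // Lazily create one shared client with connect, read and pool timeouts set.
        public static DefaultHttpClient getHttpClient() {
            if (httpClient == null) {
                httpClient = new DefaultHttpClient();
                final HttpParams params = httpClient.getParams();
                HttpConnectionParams.setConnectionTimeout(params, REGISTRATION_TIMEOUT);
                HttpConnectionParams.setSoTimeout(params, REGISTRATION_TIMEOUT);
                ConnManagerParams.setTimeout(params, REGISTRATION_TIMEOUT);
            }
            return httpClient;
        }

        public static boolean authenticate(String username, String password) {
            UsernamePasswordCredentials creds =
                new UsernamePasswordCredentials(username, password);
            DefaultHttpClient client = getHttpClient();
            client.getCredentialsProvider().setCredentials(SERVER_AUTH_SCOPE, creds);

            boolean authWorked = false;
            try {
                HttpGet get = new HttpGet(AUTH_URI);
                HttpResponse resp = client.execute(get);
                // Any status other than 403 counts as success here, so a 401
                // or 5xx response also passes this check.
                authWorked = resp.getStatusLine().getStatusCode() != 403;
                // Release the connection so the shared client can be reused.
                HttpEntity entity = resp.getEntity();
                if (entity != null) {
                    entity.consumeContent();
                }
            } catch (IOException e) {
                Log.e("TAG", "IOException exceptions", e);
                //TODO maybe do something?
            }
            return authWorked;
        }
    }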
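
Added example, not part of the original answer: the check above accepts every status other than 403, so this plain-Java program compares it with a fail-closed classification over constructed status codes and lists the schemes a 401 offers. The names `AuthResultCheck`, `classify` and `offeredSchemes` are hypothetical, and the sample statuses and header values are constructed.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;

public class AuthResultCheck {

    enum AuthResult { AUTHENTICATED, REJECTED, ERROR }

    /** Fail closed: only a 2xx status means the server accepted the credentials. */
    static AuthResult classify(int status) {
        if (status >= 200 && status < 300) return AuthResult.AUTHENTICATED;
        if (status == 401 || status == 403) return AuthResult.REJECTED;
        // Redirects, 5xx, proxy errors: unknown outcome, never a login.
        return AuthResult.ERROR;
    }

    /**
     * Scheme names from the WWW-Authenticate values of a 401 response.
     * Assumes one challenge per header value; only the first token is read.
     */
    static List<String> offeredSchemes(List<String> wwwAuthenticateValues) {
        List<String> schemes = new ArrayList<String>();
        for (String value : wwwAuthenticateValues) {
            String trimmed = value.trim();
            if (trimmed.isEmpty()) continue;
            schemes.add(trimmed.split("\\s+", 2)[0].toLowerCase(Locale.ROOT));
        }
        return schemes;
    }

    public static void main(String[] args) {
        // Constructed status codes: success, two rejections, a redirect, a server error.
        int[] statuses = {200, 401, 403, 302, 500};
        for (int s : statuses) {
            boolean originalCheck = s != 403; // the test used in the answer
            System.out.println(s + ": '!= 403' says " + originalCheck
                    + ", fail-closed says " + classify(s));
        }

        // Constructed 401 headers. "Negotiate" is the SPNEGO scheme used for
        // Kerberos over HTTP (RFC 4559); it expects a ticket, not a password.
        List<String> headers = Arrays.asList("Negotiate", "Basic realm=\"EXAMPLE.COM\"");
        System.out.println("401 offers: " + offeredSchemes(headers));
    }
}
```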