Enabling NTLM Authentication

Since B21, Scarab is able to authenticate users against a Windows NT domain. To do it, Scarab relies on a product named jcifs, from the Samba project.

You must build Scarab with NTLM support to authenticate againsts NT domains. Scarab ships with a mock implementation of jcifs, that will NOT run out of the box. So you must download the real JCIFS implementation from:

Once you've got the jar file, you must replace with it the previous version. Be aware that, in case you're using maven, you've possibly already got the mock version in your local MAVEN REPOSITORY (usually at $HOME/.maven/repository/org.samba.jcifs/jars)

YOU MUST REPLACE THIS JAR WITH THE REAL ONE YOU JUST DOWNLOADED

Once you've got the proper file, you must configure your Scarab to activate the NTLM login. In the build.properties file, include the following properties: 

    scarab.login.ntlm.active=true
    scarab.login.ntlm.domain=YOURWINDOWSDOMAIN

How does it works?

When browsing, Scarab will try to get the credentials and validate them against the NTLM domain.

If they are valid. it will try logging in the user into Scarab.

For this to succeed, the NTLM usename must match an Scarab username.

If the user gets logged in, a message will be displayed, such as "You've been automatically logged in using your user 'YourUser' from domain 'YourDomain'."

If anyone from the NTLM credentials or its equivalent Scarab username are invalid, the valve will just 'pass' and the rest of the login system will proceed (Login form / Anonymous)

When an authenticated user (even Anonymous) click on the 'Logout/Login' link, the session will be terminated and the Login.vm screen will be displayed, so any user (NTLM or not) can try logging in the system with other credentials.

Firefox support

This behaviour is not directly supported by any browser other than Internet Explorer.

Firefox users will be by default prompted with a dialog box asking for username and password. To do login with Windows domain credentials, the user will have to fill them up using the DOMAIN\User format.

Example: Username: "MyDomain\mywindowsuser", Password: myplainpassword

If firefox users want to automatically (no dialog!) get the credentials fed from the underlaying Windows operative system, the have to:

  • Type "about:config" in the URL box.
  • Search for the 'network.automatic-ntlm-auth.trusted-uris' configuration value.
  • Add the name of the Scarab host to that value.