How to enable NTLM authentication in MWS

Vikas_Gupta · June 27, 2014, 1:59pm

Hi,
Our client requirement is once they login to windows system and if they try to MWS then it should not prompt for username/passowrd.
To achieve this MWS admin guide has suggested to enable NTLM authentication. Only thing which is mentioned as to login with sysadmin then goto Admin dash bord—> configuration —> NTLM Auth administration and type in there windows primary domain controller name. Which i did but it did not work. I restarted MWS server as well still no help. there is no error as well.
I also changed the settings from folder → system —> Auth schema and changed from “Form” to “NTLM” but still no help.
It seems there is some other configuration as well.
If any one is having idea how to make it work then please let me know.
I need it urgently.

i am working on MWS 8.2.1 with fix 14

Vikas_Gupta · June 27, 2014, 2:22pm

I have also changed the alias “auth.scheme.default” for NTLM. Now if i login via firefox or chrome MWs url is popping up a small window for username and password and once i enter user name and password it throws error.
One thing i do not understand is why it is still asking for username and password. As per admin guide it should not ask for the credentials rather directly open the landing page. Anyways following is the error.

ERROR:

2014-06-27 14:20:24 SAST (Framework:INFO) [RID:74] - [1fqmaxzjupd8xchwi6fhn4q95:Guest] - http://toydev01.toyota.co.za:8585/ (GET)
2014-06-27 14:20:24 SAST (Framework:INFO) [RID:74] - Completed request. Response time=6ms
2014-06-27 14:20:24 SAST (Framework:INFO) [RID:75] - [1fqmaxzjupd8xchwi6fhn4q95:Guest] - http://toydev01.toyota.co.za:8585/ (GET)
2014-06-27 14:20:34 SAST (Framework:WARN) [RID:75] - RequestURI: /
2014-06-27 14:20:34 SAST (Framework:WARN) [RID:75] - RequestPath: /
2014-06-27 14:20:34 SAST (Framework:WARN) [RID:75] - Parameters:

2014-06-27 14:20:34 SAST (Framework:WARN) [RID:75] - Attributes:
jmx.request.start = 1403871624312
previous_rid = 3
rid = 4

2014-06-27 14:20:34 SAST (Framework:WARN) [RID:75] - Headers:
Accept = application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, /
Accept-Encoding = gzip, deflate
Accept-Language = en-US
Authorization = NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
Connection = Keep-Alive
Cookie = JSESSIONID=1fqmaxzjupd8xchwi6fhn4q95; test_cookie; SSO_ID=evv5l2ptna782wq2bdtsbbslf
DNT = 1
Host = toydev01.toyota.co.za:8585
User-Agent = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E)

2014-06-27 14:20:34 SAST (Framework:FATAL) [RID:75] - [POP.001.0002] A “jcifs.smb.SmbException” occurred with the Message “Failed to negotiate”
jcifs.smb.SmbException: Failed to negotiate
jcifs.smb.SmbException: Timeout trying to open socket
at jcifs.smb.SmbTransport.start(SmbTransport.java:362)
at jcifs.smb.SmbTransport.negotiate0(SmbTransport.java:912)
at jcifs.smb.SmbTransport.negotiate(SmbTransport.java:988)
at jcifs.smb.SmbSession.getChallenge(SmbSession.java:140)
at jcifs.smb.SmbSession.getChallenge(SmbSession.java:135)
at com.webMethods.portal.portlet.wm_ntlmauthadmin.NTLMHandler.handle(NTLMHandler.java:94)
at com.webMethods.portal.framework.auth.AuthManager.handleAuth(AuthManager.java:90)
at com.webMethods.portal.framework.session.SessionManager.handleSession(SessionManager.java:191)
at com.webMethods.portal.framework.dispatch.DispatchManager.initSession(DispatchManager.java:678)
at com.webMethods.portal.framework.dispatch.DispatchManager.handleDispatch(DispatchManager.java:346)
at com.webMethods.portal.framework.impl.PortalServlet.service(PortalServlet.java:305)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.webMethods.portal.framework.impl.NTLMV1Filter.doFilter(NTLMV1Filter.java:50)
at com.webMethods.portal.framework.impl.NTLMFilter.doFilter(NTLMFilter.java:28)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.webMethods.caf.faces.servlet.GZIPFilter.doFilter(GZIPFilter.java:47)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.webMethods.portal.framework.impl.RequestFilter.doFilter(RequestFilter.java:56)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:547)
at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)

    at jcifs.smb.SmbTransport.negotiate(SmbTransport.java:994)
    at jcifs.smb.SmbSession.getChallenge(SmbSession.java:140)
    at jcifs.smb.SmbSession.getChallenge(SmbSession.java:135)
    at com.webmethods.portal.portlet.wm_ntlmauthadmin.NTLMHandler.handle(NTLMHandler.java:94)
    at com.webmethods.portal.framework.auth.AuthManager.handleAuth(AuthManager.java:90)
    at com.webmethods.portal.framework.session.SessionManager.handleSession(SessionManager.java:191)
    at com.webmethods.portal.framework.dispatch.DispatchManager.initSession(DispatchManager.java:678)
    at com.webmethods.portal.framework.dispatch.DispatchManager.handleDispatch(DispatchManager.java:346)
    at com.webmethods.portal.framework.impl.PortalServlet.service(PortalServlet.java:305)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
    at com.webmethods.portal.framework.impl.NTLMV1Filter.doFilter(NTLMV1Filter.java:50)
    at com.webmethods.portal.framework.impl.NTLMFilter.doFilter(NTLMFilter.java:28)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.webmethods.caf.faces.servlet.GZIPFilter.doFilter(GZIPFilter.java:47)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at com.webmethods.portal.framework.impl.RequestFilter.doFilter(RequestFilter.java:56)
    at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
    at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
    at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
    at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
    at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
    at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
    at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
    at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
    at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
    at org.mortbay.jetty.Server.handle(Server.java:326)
    at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
    at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
    at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:547)
    at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:212)
    at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
    at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:409)
    at org.mortbay.thread.BoundedThreadPool$PoolThread.run(BoundedThreadPool.java:451)

system · June 27, 2014, 2:39pm

Hi Vikas,
I think after the fix NTLM v1 is no longer supported, you have to configure NTLM v2 for that.
For v1
If you have the correct domain controller name then set it in MWS and set your page authentication scheme to NTLM and it works. I have implemented it in Software AG’s HQ projects.
For v2 there is a document on how to do it, I will search for that and let you know

Vikas_Gupta · June 27, 2014, 2:54pm

Hi Anjni,
Thanks for your reply. I am using custom login page and i set the page authentication scheme to “NTLM” still it is not working.
Do let me know how to do the configuration for NTLM v2 but in our dev environment when i go to configuration—> NTLM V2 Authentication Administration link it throws error and says “jespa library is required.”

Let me know how you have done that. Also on firefox and chrome why it is asking username/password same as it prompts for IS admin console but it does not show same behaviour on IE.

system · June 27, 2014, 3:13pm

chrome does not supports NTLM authentication. only Firefox and IE do. Firefox is preferred and to make it work you will have to specify the login URL in Firefox settings. go to about:config → find search for network.automatic-ntlm-auth.trusted-uris and enter the URL value in that.
yes the jespa jars are required to configure v2 get it from IOPLEX Software - Downloads.
The authentication scheme should be NTLM for the page which you are redirecting to, for me it was /user.current.start.page.
I have the document but the size is too big to attach. If you are in SAG you can get it from our svn.

Vikas_Gupta · June 27, 2014, 3:20pm

Hi Anjni,
Firefox settings is not clear. Please explain one more time as the option you mentioned i was not able to find in my browser.
Also let me know SAG SVN url and document location and name.

system · June 27, 2014, 3:40pm

NTLMv2_SSO_Implementation.doc is the doc name. It’s in a project HQPGCSINDIA in labcase.softwareag.com.
for FireFox
1.type in your browser about:config
2.you get a page with nam = value configurations.
3.search for the string I mentioned earlier in that page and change the value of that to the login URL and it shall not ask username and password.
These all will be mentioned in the document.

Vikas_Gupta · June 27, 2014, 3:45pm

Hi Anjni,
Many thanks for your help. I’ll try to get the document and will do the implementation accordingly and will let you know the result.

Vikas_Gupta · June 30, 2014, 10:20am

Hi Anjni,
I was not able to find the doc you mentioned. Please share the complete link/url of the resource.

system · June 30, 2014, 10:36am

The project is not accessible to any one outside HQ project. Please mail to GCS-India for getting the access to the project or they can hep you in getting the document.