Apache Shiro/Active Directory integration to support SSO in a grails web application

I am working on a grails web application which uses Apache Shiro for authentication purpose. Now I have been asked to implement SSO and Active directory integration to this application. Since I am new to LDAP/AD I have hard time to implement it pro开发者_运维问答perly.

Here is what I did, I generated a ShiroLdapRealm.groovy file by executing following command as mentioned on some websites.

grails create-ldap-realm

Then I added few configuration properties for LDAP in grails-app/conf/Config.groovy.

ldap.server.url = "ldap://localhost:10389"
ldap.search.base = "ou=users,ou=system"
ldap.search.user = "uid=admin,ou=system"
ldap.search.pass = "secret"
ldap.username.attribute = "uid"
ldap.skip.authentication = false
ldap.skip.credentialsCheck = false
ldap.allowEmptyPasswords = false

But now I am unsure about how to get the currently logged in windows user in my application and provide a UsernamePasswordToken to authenticate against this generated ShiroLdapRealm. I simply want to provide a SSO experience with shiro where user comes from Windows Active Directory. I was not able to find any good documentation for this.

Also I am confused about whether to use ShiroLdapRealm or ActiveDirectoryRealm as mentioned in some posts. What could be difference between these two? Which one to use when?

Can anybody please help me on this.

Thanks in advance.

Ahsan

Your approach is, unfortunately, useless. This won't bring you any single sign-on. You have to write a KerberosRealm which will handle tickets from the client. This will give you full SSO.