Does anyone know if a Java 6 client running on Windows can authenticate through NTLM when accessing a Microsoft server that implements SPNEGO authentication protocol?
I understand that Java 6, running on Windows, has built-in support for SPNEGO, but it seems that the Java implementation is not trying to authenticate NTLM in case Kerberos authentication is not possible. The Authenticator example provided in the Sun docs crashes with a 401 Unauthorized error in response to sending a WWW-Authenticate: Negotiate server .
The following is a description of the test environment:
Target Server:
- stand-alone Windows 2008 R2 server (not a member of the AD domain)
- Microsoft SOAP Service Implemented Using WCF
- WCF configured for SPNEGO authentication (Kerberos and NTLM)
- WCF server cannot be reconfigured to support other auth modes :(
Client machine:
- Windows 7 Standalone 64-bit Workstation (not a domain)
- Java SE6 client running the Sun SPNEGO example
The ultimate goal is to use Apache CXF 2.4.0 to invoke SOAP services on the WCF server. Before adding the complexities of CXF and SOAP, I tried to extract the WSDL from the server using a simple Java test application to solve authentication problems.
FWIW. I can access the WCF server from IE using the local administrator login for the Windows server. I was also able to create a SOAP client for Delphi XE without any special authorization configuration. The Delphi SOAP client uses WinInet under the hood.