Welcome!

Welcome to the official BlackBerry Support Community Forums.

This is your resource to discuss support topics with your peers, and learn from each other.

inside custom component

Java Development

Reply
Developer
Posts: 174
Registered: ‎08-20-2008
My Device: Not Specified

NTLM or Kerberos Auto Login

Hi All,

 

Is there anyway to authenticate using NTML or Kerberos via a Java app. I was wanting to create an application with our intranet embedded as a browser field and prompt the user just for their AD password. I would make up the user name from their device owner information and the domain is the same through out. I have read through this doc http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB15642&sliceId=SAL_Pub... and do realize that you can set the default domain on the normal login screen but would rather take away the ability for the user to edit it as it doesn't go back on next login if you do. I did read through this doc http://davenport.sourceforge.net/ntlm.html but I am unsure how to implement this to a httpConnection. Am I missing something obvious or is this really a difficult thing to do?

 

 

Developer
Posts: 241
Registered: ‎11-20-2008
My Device: Not Specified

Re: NTLM or Kerberos Auto Login

Have you found a solution for this question?

I am also wondering if there is anything builtin to do this easily.

 

I have looked at the link http://davenport.sourceforge.net/ntlm.html

In the NTLM HTTP Authentication section it seems like there is an http exchange needed. I am not sure how to put together a type 3 message (the final message when you respond to the challenge).

 

I know others referenced the following document for htttp basic authentication. I wonder if something similar can be done?

 

How To - Implement basic HTTP authentication
Article Number: DB-00468
http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/348583/800332/800429/How_To_...

 

 

 

Developer
Posts: 174
Registered: ‎08-20-2008
My Device: Not Specified

Re: NTLM or Kerberos Auto Login

The last one is what you need to be looking at. Basically if you enable HTTP Authentication on your BES the BES will create the authenticated session on behalf on the device and pass the authentication back as Basic HTTP. You need to change the defaultUserRealm and defaultUserDomain in the MdsConfig.conf in your MDS sim and BES for this to work. Hope this helps.
Developer
Posts: 241
Registered: ‎11-20-2008
My Device: Not Specified

Re: NTLM or Kerberos Auto Login

Could you elaborate a little bit?

I am not sure what you mean by "You need to change the defaultUserRealm and defaultUserDomain in the MdsConfig.conf in your MDS sim and BES for this to work."

 

New Contributor
Posts: 7
Registered: ‎07-23-2010
My Device: Not Specified

Re: NTLM or Kerberos Auto Login

I am facing this issue as well.  I am trying to connect to an https website that requires NTLM authentication.  I keep getting 401 replies and cannot get past this.  Any ideas will help.  Below is the code I am using to make the connection:

 

 

 s = (StreamConnection)Connector.open(url);
 httpConn = (HttpConnection)s;
 httpConn.setRequestMethod(HttpConnection.GET);
 int tries = 0;
 while(keepGoing)
  {
             int status = httpConn.getResponseCode();
             
             switch (status)
             {
             case (HttpConnection.HTTP_OK):
                     keepGoing = false;            
                     break;

             case (HttpConnection.HTTP_UNAUTHORIZED):
               {
   
                s.close();
                
               s = (StreamConnection)Connector.open(url);
                httpConn = (HttpConnection)s;
                byte[] encoded = Base64OutputStream.encode(login.getBytes(), 0, login.length(), false, false);
               httpConn.setRequestMethod(HttpConnection.GET);
                httpConn.setRequestProperty("Authorization", "NTLM " + new String(encoded));
                      if (tries >= 3) 
                          keepGoing = false; 
                      else {
                       tries++;
                       keepGoing = true;
                      }
                          
                     }
              

                     break;

                 default:
                     keepGoing = false;
                 break;
              }
      }
      
      //Close the connection.
      s.close();

 

Any ideas?  Is there another way to perform NTLM authentication (Using the Authenticator Interface maybe)?

 

Thanks in advance.

Contributor
Posts: 40
Registered: ‎07-14-2010
My Device: Not Specified

Re: NTLM or Kerberos Auto Login

Is it possible to do connection with NTLM authentication in blackberry application? Any idea??

I got KB for basic authentication and not for NTLM. Does it mean in blackberry application development we cannot achieve this?

Highlighted
Developer
Posts: 174
Registered: ‎08-20-2008
My Device: Not Specified

Re: NTLM or Kerberos Auto Login

The BES performs the NTML authentication and translates it back to the device as basic authentication. So you need to pass for BES 5

Username: YOURADDOMAIN\ADUSERNAME

or for BES 4.1

Username: ADUSERNAME

Password: USERADPASSWORD

 

The password for some reason cannot be longer than ten characters. If you are using BES 5 you may want to look at some of the new features in service pack 2 relating to AD single sign on.

Contributor
Posts: 40
Registered: ‎07-14-2010
My Device: Not Specified

Re: NTLM or Kerberos Auto Login

@BeMor thanx for quick reply!

 

I want to access sharepoint server in my application and I am getting 401, here the connction type is Direct TCP. Is it must to connect through BES to achieve the goal?

Developer
Posts: 174
Registered: ‎08-20-2008
My Device: Not Specified

Re: NTLM or Kerberos Auto Login

As far as I am aware you need a BES to perform NTLM authentication. You may want to ask the question again in a separate post as there may be a third party solution out there.