Authenticating with Active Directory via Kerberos


Question

I'm working on building an Android application which requires different levels of authentication, and I would like to do so using Active Directory.

From what I've read, using Kerberos is the way Microsoft suggests. How do I do this for Android? I see the javax.security.auth doc, but it doesn't tell me too much.

I also saw a note somewhere that Kerberos does not contain user groups - is this true? In that case, would I have to somehow combine LDAP as well?

Edit

The main goal here is achieving an LDAP connection to Active Directory in order to authenticate and give the user correct permissions for the enterprise Android application. The real barrier here is the fact that Google left out many of the Java Web Services APIs from its port to Android (i.e. javax.naming). Also, many of the connection mechanisms in the Android jar seem to be only included as legacy code, and they in fact actually do nothing.

Recommended answer

For that you might be better off just staying completely within LDAP and not venturing into Kerberos. Kerberos gives you the advantage of Single Sign On, but since your Android app doesn't have any credentials already in place it doesn't really help you. I guess Google had their own reasons not to include javax.naming in the distro. It is pretty heavy stuff.

You might be able to either port the stuff yourself from Java runtime library sources, or might be better off using a native LDAP library. For example this one.

Just remember to use a secure LDAP connection or at least a secure authentication method. More info about this is here.
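
One way to do what the answer recommends, as an added example that is not part of the original answer: bind to Active Directory over LDAPS with the user's own credentials, then read `memberOf` to decide permission levels. It assumes the UnboundID LDAP SDK for Java, a pure-Java library that does not need `javax.naming` (the library the answer linked to is not identified on this page), and a domain controller certificate that chains to a CA the device trusts; the host name and base DN are constructed placeholders.

```java
import com.unboundid.ldap.sdk.*;
import com.unboundid.util.ssl.HostNameSSLSocketVerifier;
import javax.net.ssl.SSLSocketFactory;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public final class AdLdapAuth {
    // Constructed placeholder values; replace with your own directory's.
    private static final String HOST = "dc01.corp.example.com";
    private static final int LDAPS_PORT = 636;
    private static final String BASE_DN = "DC=corp,DC=example,DC=com";

    /** Returns the user's group DNs on success, or null if the credentials are rejected. */
    public static Set<String> authenticate(String upn, String password) throws LDAPException {
        // A simple bind with an empty password is an unauthenticated bind in LDAP
        // and must never be treated as a successful login.
        if (upn == null || upn.isEmpty() || password == null || password.isEmpty()) {
            return null;
        }
        LDAPConnectionOptions opts = new LDAPConnectionOptions();
        // Check that the certificate matches HOST, not only that it chains to a trusted CA.
        opts.setSSLSocketVerifier(new HostNameSSLSocketVerifier(false));
        // TLS from the first byte (LDAPS), so the password never crosses the network in clear.
        try (LDAPConnection conn = new LDAPConnection(
                SSLSocketFactory.getDefault(), opts, HOST, LDAPS_PORT)) {
            try {
                conn.bind(upn, password); // AD accepts user@domain as the bind name
            } catch (LDAPException e) {
                if (e.getResultCode() == ResultCode.INVALID_CREDENTIALS) {
                    return null;
                }
                throw e; // connection or TLS failure: report it, not a login result
            }
            // createEqualityFilter escapes the value, preventing LDAP filter injection.
            SearchResult res = conn.search(BASE_DN, SearchScope.SUB,
                    Filter.createEqualityFilter("userPrincipalName", upn), "memberOf");
            Set<String> groups = new HashSet<>();
            for (SearchResultEntry entry : res.getSearchEntries()) {
                String[] values = entry.getAttributeValues("memberOf");
                if (values != null) {
                    groups.addAll(Arrays.asList(values));
                }
            }
            return groups;
        }
    }
}
```

`memberOf` lists direct group memberships only; nested groups and the user's primary group do not appear in it.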
