I have a running website which has its own set of users and have an authentication system which does a basic database lookup to authenticate the users to login to the site. A client of ours is interested in the website and has a requirement that instead of registering all their existing users with us again they have an Active Directory and I should use it to authenticate them. This prevents the client from registering all their users with us and from remembering another set of username and password.
My website is built with Java and I am looking at a solution where in I can integrate with active directory.
I am new to Active Directory and have been searching through the web but failed to find an optimum solution. My understanding of Active Directory is that it would have a set of username and passwords and if I am successfully able to integrate with it, in addition to having my own database of users I will have to look up in client's Active Directory as well and if a match is found, I can authenticate the user.
Please correct me if my understanding is wrong and could you please point me to the right direction?
Thanks,
Mayank
Where is your app deployed? If it is on your customer's premises, then the easiest might be to do an LDAP query against AD (an LDAP server) like @nzpcmad suggests. Tomcat has support for Windows Authentication too if I'm not mistaken, so it might be easier to go that path.
If it is off-premises, you will have to use an identity federation approach. You will have to change your app to accept SAML tokens and implement the SAML protocol (because you are in the Java world that might be the best option). Your customer will need to deploy an STS (like ADFS).
It really depends on how your app is designed and accessed by your customers (on-prem vs hosted, single tenant vs multi-tenant).