No announcement yet.

Authenticated Socket through ISA proxy w/ Kerberos

  • Filter
  • Time
  • Show
Clear All
new posts

  • Authenticated Socket through ISA proxy w/ Kerberos


    I have a question to any ISA/MS proxy/AD experts out there

    We have a client-server application written in Java. The client and server are communicating by means of an socket carrying XML. The client can be inside an corporate intranet, and the server is out there on the internet.
    The problem is that one of our clients has a setup where the internet access has to go through an ISA Proxy Array, with Kerberos authentication only (possibly NTLMv2 too), inside an AD forest.

    To do this we are encrypting our communication socket with SSL, and making it pass through the proxy as an always-open-HTTPS connection.
    The problem is that even that CONNECT request has to be authenticated, and there is nothing in Java that would allow us to perform the windows authentication.
    We have thought about using the Java Native Interface to call a class written in C++ on windows that would handle the socket creation and authentication for us. But how is that possible? Is it possible even?
    We know of WinInet and WinHTTP but it seems that they do not allow low-level operation like socket creation. They can do transparent authentication (i think), but only allow you to do HTTP stuff like "GET", "POST", etc, nothing at a lower level. WinSock on the other hand gives us the raw socket connection to the proxy we need, but then we have no way to tell windows to perform the Windows integrated authentication on the proxy and then give us back the socket.
    And there doesn't seem to be an API call that will just give us the authentication headers to send to the proxy to authentication our connection.

    Thanks a lot for any ideas/help you might give! I can give more details if needed. Any help at all is greatly appreciated...

    PS: I'm not sure if this is the right forum to use, but the AD one did not seem more appropriate...