Server

NTLM and IE Challenge/Response

Updated: March 18, 2024

This plugin uses JCIFS to handle NTLM authentication. If you have troubles with latest version of IE on POST requests, please see JCIFS instructions.

To install this authentication plugin:

  1. Download the nuxeo-platform-login-ntlm plugin.
  2. Put it in $TOMCAT_HOME/nxserver/bundles or $JBOSS_HOME/server/default/deploy/nuxeo.ear/bundles and restart the server.
  3. Put the plugin into the authentication chain. Contribute an XML extension from the following content. Adapt the authenticationChain element content with the list of plugins you want to use.

    <extension
    target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
    point="chain">
    <authenticationChain>
      <plugins>
        <plugin>BASIC_AUTH</plugin>
        <plugin>ANONYMOUS_AUTH</plugin>
        <plugin>THE_PLUGIN_I_WANT_TO_USE</plugin>
      </plugins>
    </authenticationChain>
    </extension>
    

    Use NTLM_AUTH.

  4. Create an XML extension called ntlm-auth-config.xml with the following content:

    <component name="org.nuxeo.ecm.platform.authenticator.ntlm.config">
    
      <require>org.nuxeo.ecm.platform.ui.web.auth.WebEngineConfig</require>
      <require>org.nuxeo.ecm.platform.login.NTLM</require>
    
      <extension target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService" point="authenticators">
        <authenticationPlugin name="NTLM_AUTH">
          <loginModulePlugin>Trusting_LM</loginModulePlugin>
          <parameters>
            <\!-\- Add here parameters for you domain, please ee [http://jcifs.samba.org/src/docs/ntlmhttpauth.html&nbsp];
            <parameter name="jcifs.http.domainController">MyControler</parameter>
            \-->
          </parameters>
        </authenticationPlugin>
      </extension>
    </component>
    
    
  5. Adapt the content of the loginModulePlugin section.

  6. Save.