Forum Discussion
Kraig_52305
Nimbostratus
NimbostratusNegotiated Login Using NTLM
Without using Kerberos I would like to have Windows domain users using Internet Explorer automatically provide a username and password so APM can perform a group lookup and authenticated the user. I...
Michael_Koyfman
Cirrocumulus
CirrocumulusUnfortunately, that flow is not possible - there are some technical issues with the way NTLM works and this does not allow us to fall back to forms-based after failed NTLM attempt.
That said, I am still trying to understand the use case - are you authenticating users against the same directory backend? Let's just say, for example, that what you were asking above was possible, and you could get to a login page after failed NTLM attempt - what would that user be authenticated against? Once I understand what exactly you are trying to achieve, I can hopefully offer a workable solution.
- Kraig_52305What I am really looking for is to obtain the username of anyone hitting a site. From that username I can do group lookups. The use case is shared work stations hit sites that allow all authenticated users and there is no way to tell what user is actually hitting the site. When a standard user account is seen pass the user through. If the account is a shared work station account I need to force a login with a unique login and SSO them to the server. This way all interaction with the site are with the unique account and the machine account.
