Forum Discussion

Sam_Hall's avatar
Sam_Hall
Icon for Nimbostratus rankNimbostratus
Oct 11, 2013

NTLM advice please

We're planning on hosting HP TRIM server for some clients on a separate domain. My understanding is the client software uses NTLM to pass credentials to the server and this is the only authentication...
design
ntlm
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 11, 2013

I think that's a reasonable solution. Allow me to elaborate:

 

  1. Your (browser?) client initiates an APM session and passes (explicit?) logon credentials. Those credentials are potentially vetted and then stored in the session.

     

  2. The TRIM client starts and passes NTLM credentials. We know, by virtue of some mechanism that hasn't been discussed yet, that the TRIM client is on the same host that has an active web-based session.

     

  3. APM strips the TRIM client's NTLM header (is it an HTTP-based client?) and applies an NTLM SSO to the server side dialog using the cached credentials from the explicit web-based logon.

     

Does that sound about right? If so, the following questions remain:

 

  1. Is the TRIM client web-based? Such that the NTLM data is in an Authorization header in an HTTP request?

     

  2. What can you use to correlate the web client to the TRIM client? Will the TRIM client consume and use cookies? Does the web client launch the TRIM client with a special URL?