To use Windows Integrated Authentication, clients must be running a browser that supports Kerberos authentication, such as Microsoft Internet Explorer, Mozilla Firefox, or Google Chrome. For Internet Explorer, you must enable the Integrated Windows Authentication option at: Tools | Internet Options | Advanced | Security.
You should also make sure that your application server is added to the Intranet Zone settings list, and that the browser is set for Automatic logon only in that zone.
Windows Integrated Authentication provides a greater degree of security than NTLM authentication, so we recommend that users should attempt to use Windows Integrated Authentication unless it is unsupported by their client operating system or browser. To use NTLM for SSO, you need a version of Windows that supports NTLM challenge/response. For more information, see Setting up a client machine.
To set up Internet Explorer for NTLM authentication, configure the intranet for authentication:
This chapter describes how to get started with Single Sign-on for Java using the supplied examples, and moves on to cover how to build SSO solutions using Single Sign-on for Java-protected servlets and JSPs.
The following sections describe how to get started with Single Sign-on for Java and how to configure the examples provided: