Silent proxy-authentication via NTLMv2 and Kerberos

[nlmarco]

I need to access web-services through a network-proxy. The network-proxy requires authentication. The customer expects silent authentication as the current Windows-user (single-sign-on, no password-prompt!). I did lots of research and it seems most people use NTLMv2 or Kerberos for their server-side. But I need it on the client-side for a network-proxy.

I saw that Java seems to support Kerberos out-of-the-box -- this here looks good (but this does not -- I don't have the current user's password).

Java also seems to support NTLM out-of-the-box -- this and this) look interesting.

Unfortunately, both solutions require user-name and password to be provided by my code. I do not know the password. I'd have to prompt the user. Thus both solutions are not silent! I need silent single-sign-on, though.

Hence, I wonder, whether I could somehow use Waffle to solve my problem (requiring user+pw) for both NTLMv2- and Kerberos-based proxy-authentication. And maybe Waffle can also save us the work of writing a kerberos-configuration-file?

Is there already an easy way to use Waffle for the silent authentication with a network-proxy?

If there's nothing ready-made, yet, maybe you can give me some hints how to implement a solution using Waffle?

[dblock]

A proxy that sits within the same domain can delegate authentication. I am not sure about all the protocol details, but if your proxy is a windows thing that requires windows auth, what you're describing should "just work" for your web app using waffle.