I am trying to set up Fortify SSC to use Active directory and windows authentication for my users. I have successfully configured SSC to use LDAP to import my users and assign roles running on Tomcat 7. My issue is that we do not have passwords for our accounts. We user smartcards but, that really shouldn't matter if we can get Windows Authentication to let us into SSC.
I am not finding much in the way of documentation on how to do this. I saw in the December announcement () that "Windows Active Directory Service support " is supported in R4.40. I assumed this means I can use my internal Active Directory to authenticate my accounts but the install guide doesn't talk about this at all. I see new options for SSO and SAML configuration but not real documentation on how to use this for Active Directory.
What is the recommended method to authenticate users using Windows Authentication? Can I use SSO with Tomcat and Windows Authentication? Can I pass my authorized windows account through IIS over to Tomcat using an IIS rewrite rule?