NTLM Connector end of support (21 November 2017)
#1 by ahietala on Nov 21, 2017 1:46:37 PM

The Magnolia NTLM (NT LAN Manager) Connector module is no longer supported. The module provided single sign-on (SSO) functionality for Windows systems within a trusted domain environment.

Microsoft no longer recommends the use of NTLM in applications due to security constraints:

"Implementers should be aware that NTLM does not support any recent cryptographic methods, such as AES or SHA-256. It uses cyclic redundancy check (CRC) or message digest algorithms (RFC1321) for integrity, and it uses RC4 for encryption. Deriving a key from a password is as specified in RFC1320 and FIPS46-2. Therefore, applications are generally advised not to use NTLM." https://msdn.microsoft.com/en-us/library/cc236715.aspx

Following Microsoft's recommendation, Magnolia ends support for the NTLM Connector module. This means we will not fix bugs related to the NTLM protocol. NTLM is no longer supported on any Magnolia version.

As a replacement, we recommend the LDAP Connector and CAS modules:

"CAS module enables Central Authentication Service (CAS) in Magnolia. CAS is a single sign-on (SSO) Web protocol that permits a user to log in once to a system and then automatically gain access to all related systems to which they have been granted permission as per their credentials. This avoids the need to log into each system individually. The Magnolia CAS module handles authentication only. When a user logs into CAS, the system authenticates their identity to participating services because the user has been authenticated to CAS."



Contact Magnolia Support if you need help implementing single sign-on authentication in your project.


Antti, on behalf of the Magnolia team