Jespa
Jespa is a pure Java software library that directly implements the Windows protocols and logic necessary to easily and efficiently integrate Java applications into Windows environments. Jespa has no dependencies on other packages or the host and, as 100% Java, it runs equally well on Linux, macOS, Windows or any other Java platform.
Truly Password-Free HTTP Single Sign-On
The most popular feature of Jespa is its HTTP Single Sign-On (SSO) servlet filter, which implements the type of SSO built into Windows clients (herein referred to as Windows built-in SSO). Windows built-in SSO does not require users to type in credentials at all, which is more secure and faster than other common types of SSO. Windows built-in SSO is supported by all of the popular browsers, by the various Windows programming APIs and by the major programming languages. This might be why, in a market saturated with SSO solutions, Jespa has been sold in over 60 countries with thousands of active installations in use today.
A Solid Windows Security Solution
Jespa carefully mimics Windows behavior for maximum security and compatibility. For example, the Jespa NTLMSSP acceptor supports the latest security features including full session security (signing and sealing), SPN and channel bindings (also known as Extended Protection for Authentication or EPA) and AES SecureChannel NETLOGON. Using either SPN binding or session security will block a relay attack. Jespa properly implements and uses both by default. Jespa's LDAP API has used SASL session security by default since 2012 (and more recently SPN and TLS channel bindings).
Features ...
- The SSO filter (see HttpSecurityService) handles concurrent authentication states, deep-linking, processing redundant authentications, proactive POST re-authentication and switching between SSO and explicit logins using alternative credentials.
- The DuoHttpSecurityService adds support for 2FA / MFA.
- Efficient implementation that minimizes network communication and memory usage.
- Transparent AD DS domain controller and DNS nameserver failover.
- HTTP client with full Windows built-in SSO support including SPN and channel bindings.
- Windows group membership checking uses group SIDs from the authenticated Windows security context to provide lightning-fast access control.
- Extensive, detailed and well-maintained documentation.
- Enable Windows built-in SSO in existing SASL servers and clients.
- As a proper library, Jespa uses no static configuration and has no host dependencies, which allows any number of instances of Jespa components to run within the same JVM.
- Easy-to-use API allows applications to set / change passwords on accounts, create, update, and delete accounts, manipulate security groups and perform a wide range of AD DS operations.
- Cost effective licensing with steep discounts for multiple installations in the same network.
One installation may be used in production with up to 25 users for free. To get started, download the Jespa package and try the example webapp as described in the Installation section of the Jespa Operator's Manual (PDF available on the Support page).