Many years back, I moved over into Java world and when I was asked to implement my very first security implementation, I realized that there was no easy way to do this and many clients would actually want us to use LDAP for authentication and authorization. For many years, I continued to use that. And, then one day in a discussion with a client, we were asked to provide SSO implementation and client did not have an existing setup like SiteMinder. I started to think about if we can go about using NTML based authentication. The reason that was possible was because the application we were asked to build was to be used within the organization itself and all the people were required to login into a domain.