Negotiated Login Using NTLM
Without using Kerberos, I would like to have Windows domain users using Internet Explorer automatically provide a username and password so APM can perform a group lookup and authenticate the user. If they fail the group lookup or authentication, they would be directed to a form to log in. I have no problems with the group lookup if APM has the username in a variable, or with the fallback to a form. What I am having problems with is that I am unable to get the 401 negotiate to send APM the NTLM username and password.
For clarification, I would like the flow to look like this: HTTP 401, browser automatically presents username and password (NTLM?), then APM looks up group membership based on username. If the user is in the group, APM will then authenticate via LDAPS. If the group lookup fails or authentication fails, the fallback will be a login form.