My customer has an ActiveDirectory server and a work server, both without SSO. Employees use their ActiveDirectory account to connect to the work server. They change passwords every month.
My app connects to the work server. My app can use SSO, or can let users set a password manually.
For some reason my customer does not want to implement SSO, but their employees are fed up with manually changing their password every month.
QUESTION: Can I do anything about it?
I believe it would not be secure for my app to somehow get the changed passwords from ActiveDirectory or otherwise connect to the work server without knowing the new passwords, and without SSO. Might it be able to work securely using hashes maybe?
(If that matters, the work server is Alfresco)