Negotiate Kerberos
capitan.mosca Dec 21, 2005 11:39 AM
Hi all,
I'm trying to configure my JBoss to use Kerberos to authenticate the user.
The configuration files I use are...
web.xml

<web-app>
  <display-name>Hello World</display-name>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HelloWorldSec</web-resource-name>
      <description>
        An example security config that only allows users with the role
        JBossAdmin to access the HTML JMX console web application
      </description>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>PP</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>Negotiate</auth-method>
    <realm-name>Test Realm</realm-name>
  </login-config>
  <security-role>
    <description>The single application role</description>
    <role-name>PP</role-name>
  </security-role>
  <security-role-ref>
    <role-name>PP</role-name>
    <role-link>user</role-link>
  </security-role-ref>
</web-app>

login-config.xml

.....
<application-policy name="KRB">
  <authentication>
    <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag = "required">
      <module-option name="useTicketCache">true</module-option>
      <module-option name="debug">true</module-option>
    </login-module>
  </authentication>
</application-policy>
...

context.xml

<Context>
  <Valve className= "org.jboss.web.tomcat.security.HttpServletRequestResponseValve" />
</Context>

jboss-web.xml

<jboss-web>
  <security-domain>java:/jaas/KRB</security-domain>
</jboss-web>

And the log gives me this info

JBoss_4_0_3 date=200510042324)] Started in 23s:530ms
2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManager.KRB] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@18787c9
2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@e3cf25
2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManager.KRB] CachePolicy set to: org.jboss.util.TimedCachePolicy@348ab2
2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@348ab2
2005-12-21 17:35:44,258 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added KRB, org.jboss.security.plugins.SecurityDomainContext@17dbeaf to map
2005-12-21 17:35:44,289 INFO [STDOUT] Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
2005-12-21 17:35:44,289 INFO [STDOUT] Acquire TGT from Cache
2005-12-21 17:35:44,414 INFO [STDOUT] Principal is S236@ES.INT.COM
2005-12-21 17:35:44,445 INFO [STDOUT] Commit Succeeded
2005-12-21 17:35:44,445 DEBUG [org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned: GenericPrincipal[()]

I have a lot of doubts about web.xml...
Is Negotiate a correct "auth-method"?
What is "realm-name" used for?
Thanks in advance!
iván