I implemented the samples from jBoss Negotiation Authenticator 2.0.3.Beta1.
It works but it authenticates my application to Active Directory using a generic account, the the end user account.
So my goal is simple: automatically get the end user kerberos ticket from my corporate windows machine and using the browser (Internet Explorer OE6 and 7) have a transparent authentication to my web apps running on jBoss 4.2.3 as the end user.
Of course if it fails, or if I logout properly, I need to have a basic auth form to enter manual credentials (user ID and MS AD password)