Hi All,

Wondering if I can get some help with this one. I'm trying to get Kerberos/SPNEGO authentication working in my Seam app.

Environment:

JBoss AS 5.0.0.GA

JBoss Negotiation 2.0.3 (SP02?) built from source as per https://community.jboss.org/message/142148#142148

JBoss Seam 2.1.0

Java 1.6.0_35

I've got the Negotiation toolkit running successfully with all 3 Servlets returning as they should.

When I try and implement in my Seam App all I get is a nice "HTTP Status 401 - The request requires HTTP Authentication ()."

I've followed the steps as outlined in http://seamframework.org/128602.lace

i.e.

1. configured the web.xml to handle the security

2. added <security:identity jaas-config-name="SPNEGO" /> to components.xml

3. disable the Identity httprequestwrapper <web:identity-filter disabled="true"/>

4. Created the custom Identity component.

I made a couple of minor alterations in web.xml -

1. Instead of bundling all the web-resource-collections together as in the example I've separated the SEAM resource into it's own constraint:

<security-constraint>

<web-resource-collection>

  <web-resource-name>SEAM</web-resource-name>

  <url-pattern>*.do</url-pattern>

  </web-resource-collection>

  <auth-constraint>

  <role-name>*</role-name>

  </auth-constraint>

</security-constraint>

2. Added the SPENGO realm-name to the login config

<login-config>

  <auth-method>SPNEGO</auth-method>

  <realm-name>SPNEGO</realm-name>

</login-config>

Now when I try to access the app I get the following in the log file:

DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement.createSecurityDomainContext():341] Creating SDC for domain=jboss-web-policy

DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.<init>():253] CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@142cc1e

DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.setCachePolicy():264] CachePolicy set to: org.jboss.util.TimedCachePolicy@f2b289

DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement.setSecurityDomainCache():473] setCachePolicy, c=org.jboss.util.TimedCachePolicy@f2b289

DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator.authenticate():78] Header - null

DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator.authenticate():82] No Authorization Header, sending 401

DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator.authenticate():78] Header - Negotiate YIIGVQYGKwYBBQUCoIIGSTCCBkWgMDAuBgkqhkiC9xIBAgIGCS.....

INFO  [org.jboss.seam.contexts.Contexts.startup():303] starting up: org.jboss.seam.security.ruleBasedPermissionResolver

INFO  [org.jboss.seam.drools.RuleBase.compileRuleBase():47] parsing rules: /security.drl

INFO  [org.jboss.seam.contexts.Contexts.startup():303] starting up: org.jboss.seam.security.identity

INFO  [org.jboss.seam.contexts.Contexts.startup():303] starting up: org.jboss.seam.web.session

DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator.authenticate():103] Creating new NegotiationContext

So it looks like it's at least trying work? However it wont forward on to the Identity component and I get the "request requires HTTP Authentication ()" message in the browser.

I know the keytab info is correct as I'm using it for the toolkit configuration and like I say all that works fine.

Any ideas?

Cheers,

Tristan