2 Replies Latest reply on Mar 5, 2014 8:38 PM by sunkalpana

    spnego configuration (application deployed on unix)

    sunkalpana

      Hi,

      I have an intranet application with JBoss app server 7.1.1 deployed on Unix.

      I need to do integrated Windows authentication for my application.

      My LDAP server is ADS. I need clear steps of configuration for doing this.

      I am not using any Spring framework and I am already done with login.xhtml with a webfilter. It is working fine.

      Any help is appreciated.

      Thanks

      kalpana.

        • 1. Re: spnego configuration (application deployed on unix)
          pskopek

          Hi Kalpana!

          Try to start with this document: https://community.jboss.org/wiki/DRAFTUsingJBossNegotiationOnAS7

          I think it is clear enough to start with.

          Peter

          • 2. Re: spnego configuration (application deployed on unix)
            sunkalpana

            Hi Peter,

            Thank you for your information and quick reply.

            Based on the link, I need to get the information of adc server and environment.

            After I get the Kerberos realm and KDC information from my network, do I need to add the below configuration under standalone.xml of the JBoss server?

            Could you please explain what is testserver substitution?

            Is this the same value "/home/username/service.keytab"  or  for keytab?

            <system-properties>
              <property name="java.security.krb5.kdc" value="mykdc.mydomain"/>
              <property name="java.security.krb5.realm" value="MY_REALM"/>
            </system-properties>

            <security-domains>
              <security-domain name="host" cache-type="default">
                <authentication>
                  <login-module code="Kerberos" flag="required">
                    <module-option name="storeKey" value="true"/>
                    <module-option name="useKeyTab" value="true"/>
                    <module-option name="principal" value="host/testserver@MY_REALM"/>
                    <module-option name="keyTab" value="/home/username/service.keytab"/>
                    <module-option name="doNotPrompt" value="true"/>
                    <module-option name="debug" value="false"/>
                  </login-module>
                </authentication>
              </security-domain>
            </security-domains>

            Thanks for your time and help.

             

            Kalpana.
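
A pre-flight check for the fragment posted above, as an added example that is not part of the thread or of the JBoss wiki: it verifies that the realm in the `principal` option matches `java.security.krb5.realm` and that the file named by `keyTab` exists with owner-only permissions. The function names and the wrapping `<server>` element are assumptions; the sample values are the placeholders from the post.

```python
import os
import re
import stat
import xml.etree.ElementTree as ET

# Constructed sample: the post's placeholder values inside an assumed <server> root.
SAMPLE = """<server>
<system-properties>
  <property name="java.security.krb5.kdc" value="mykdc.mydomain"/>
  <property name="java.security.krb5.realm" value="MY_REALM"/>
</system-properties>
<security-domain name="host" cache-type="default"><authentication>
  <login-module code="Kerberos" flag="required">
    <module-option name="useKeyTab" value="true"/>
    <module-option name="principal" value="host/testserver@MY_REALM"/>
    <module-option name="keyTab" value="/home/username/service.keytab"/>
  </login-module>
</authentication></security-domain>
</server>"""

PRINCIPAL = re.compile(r"^[^/@]+/[^/@]+@(?P<realm>[^/@]+)$")

def local(elem):
    """Tag name without the XML namespace that a real standalone.xml carries."""
    return elem.tag.rsplit("}", 1)[-1]

def named(parent, tag):
    return {e.get("name"): e.get("value") for e in parent.iter() if local(e) == tag}

def check_kerberos_config(xml_text):
    """Return a list of findings for each Kerberos login-module in xml_text."""
    root = ET.fromstring(xml_text)
    realm = named(root, "property").get("java.security.krb5.realm")
    findings = []
    for lm in root.iter():
        if local(lm) != "login-module" or lm.get("code") != "Kerberos":
            continue
        opts = named(lm, "module-option")
        m = PRINCIPAL.match(opts.get("principal") or "")
        if not m:
            findings.append("principal is not of the form service/host@REALM")
        elif m.group("realm") != realm:
            findings.append("principal realm differs from java.security.krb5.realm")
        keytab = opts.get("keyTab") or ""
        if not os.path.isfile(keytab):
            findings.append("keytab not found on this host: " + keytab)
        elif stat.S_IMODE(os.stat(keytab).st_mode) & 0o077:
            findings.append("keytab is accessible to group or others; use mode 0600")
    return findings
```

Run it on the Unix host as the account that starts JBoss, passing the contents of standalone.xml, so the keytab checks reflect what the server process will see.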