0 Replies Latest reply on Jun 9, 2015 7:08 AM by batjboss

    Issue in configuring SpnegoLoginModule using jboss Negotiation

    batjboss

      Our application has external customers and intranet users. All external users should be provided a basic authentication. Configured Jbossnegotiation and the related file configuration as per the document.

      web.xml for the fall back is as follows:

       

      <security-constraint>

        <web-resource-collection>

         <web-resource-name>HtmlAdaptor</web-resource-name>

         <description>This is the default security domain</description>

         <url-pattern>/*</url-pattern>

         <http-method>GET</http-method>

         <http-method>POST</http-method>

        </web-resource-collection>

        <auth-constraint>

         <role-name>Role1</role-name>

        </auth-constraint>

      </security-constraint>

      <login-config>

        <auth-method>BASIC</auth-method>

        <realm-name>default</realm-name>

      </login-config> 

       

      <security-role>

        <role-name>Role1</role-name>

      </security-role>

       

      Jboss-web.xml

       

      <jboss-web>

          <context-root>/</context-root>

           <security-domain>java:/jaas/SPNEGO</security-domain>

      </jboss-web>

       

      All changes done in properties-service.xml,web deployer and login-config is as follows

       

      <application-policy name="host">

      <authentication>

        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">

         <module-option name="storeKey">true</module-option>

         <module-option name="useKeyTab">true</module-option>

         <module-option name="principal">HTTP/ABC@XYZ.COM</module-option>

         <module-option name="keyTab">ABC.keytab</module-option>

         <module-option name="doNotPrompt">true</module-option>

         <module-option name="debug">true</module-option>

        </login-module>

      </authentication>

      </application-policy>

      <application-policy name="SPNEGO">

        <authentication>

      <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="requisite">

        <module-option name="password-stacking">useFirstPass</module-option>

        <module-option name="serverSecurityDomain">host</module-option>

      </login-module>

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">

         <module-option name="password-stacking">useFirstPass</module-option>

            <module-option name="usersProperties">spnego_Users.properties</module-option>

               <module-option name="rolesProperties">spnego_roles.properties</module-option>

             </login-module>

        </authentication>

      </application-policy>

       

      I have spnego_users.properties as

        abc = abc

       

      spnego_roles.properties

       

      abc=Role1

       

      Need to show basic authentication po up for internet users and then should be able to login with username and password abc.abc is not in AD server.

       

      Now after making above changes, application asking for credentials and is not accepting the above value abc/abc.

      Please assist.