0 Replies Latest reply on Nov 4, 2015 8:31 AM by shyagrawal

    Configure Kerberos for JBOSS EAP 6.4

    shyagrawal

      Hi,

      I am getting an error while hitting the URL of the JBoss server.


      18:59:55,212 INFO  [stdout] (http-/127.0.0.1:8080-1) Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is F:\Tools\Jboss-EAP\standalone\configuration\kerbores.keytab refreshKrb5Config is false principal is HTTP/kerbores@myRealm tryFirstPass is false useFirstPass is false storePass is false clearPass is false
      18:59:55,296 INFO  [stdout] (http-/127.0.0.1:8080-1)            [Krb5LoginModule] authentication failed
      18:59:55,296 INFO  [stdout] (http-/127.0.0.1:8080-1) Client not found in Kerberos database (6)


      I followed all the steps mentioned in the URL below.

      https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.4/html/Security_Guide/Configure_Kerberos_or_Microsoft_Active_Directory_Desktop_SSO_for_Web_Applications.html

      My krb5.ini is placed in C:\Windows\krb5.ini and contains all the information related to realms and domains.

      I am able to run the kinit command and a new ticket is generated.

      "New ticket is stored in cache file C:\Users\shyagrawal\krb5cc_shyagrawal"

      I modified the standalone.bat file as mentioned in the URL.

      <security-domain name="host" cache-type="default">
          <authentication>
              <!-- Logs the server itself in to the KDC using its keytab -->
              <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
                  <module-option name="storeKey" value="true"/>
                  <module-option name="useKeyTab" value="true"/>
                  <module-option name="principal" value="HTTP/kerbores@MyRealm"/>
                  <module-option name="keyTab" value="F:\Tools\Jboss-EAP\standalone\configuration\kerbores.keytab"/>
                  <module-option name="doNotPrompt" value="true"/>
                  <module-option name="debug" value="true"/>
              </login-module>
          </authentication>
      </security-domain>
      <security-domain name="SPNEGO" cache-type="default">
          <authentication>
              <!-- Authenticates browser clients via SPNEGO, backed by the "host" domain above -->
              <login-module code="SPNEGO" flag="requisite">
                  <module-option name="password-stacking" value="useFirstPass"/>
                  <module-option name="serverSecurityDomain" value="host"/>
              </login-module>
          </authentication>
      </security-domain>


      Added the following code to the web.xml file.

      web.xml

      <security-constraint>
          <display-name>require valid user</display-name>
          <web-resource-collection>
              <web-resource-name>Kerberos Application</web-resource-name>
              <url-pattern>/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
              <role-name>*</role-name>
          </auth-constraint>
          <!-- <user-data-constraint>
              <transport-guarantee>NONE</transport-guarantee>
          </user-data-constraint> -->
      </security-constraint>
      <security-role>
          <description>security role</description>
          <role-name>*</role-name>
      </security-role>


      jboss-web.xml

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
          <security-domain>SPNEGO</security-domain>
          <valve>
              <class-name>org.jboss.security.negotiation.NegotiationAuthenticator</class-name>
          </valve>
          <jacc-star-role-allow>true</jacc-star-role-allow>
          <context-root>kerberoes</context-root>
      </jboss-web>


      Please let me know if I missed anything in the above steps.


      Thanks,

      Shyam Agrawal
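The failure in the log above happens in the server's own Krb5LoginModule login (the "host" security domain), where the module obtains a ticket for the configured principal with its keytab; error 6 is the KDC saying that client principal is unknown, so the principal printed after "principal is" in the debug line must exist in the KDC and in the keytab with exactly the same spelling, realm case included (Kerberos compares realm names case-sensitively). The following Python script is an added example, not code from the poster or from JBoss EAP: it parses an MIT-format keytab (the format ktpass and ktutil write), lists the principals and key version numbers it holds, and reports whether the value of the `principal` module option matches an entry exactly, only up to letter case, or not at all. The bytes in `SAMPLE_KEYTAB` are constructed inside the script with a dummy key, and `HTTP/kerbores@MYREALM` is an assumed sample name, not the poster's real principal.

```python
import struct

KEYTAB_MAGIC = b"\x05\x02"  # MIT keytab file format, version 2


def _counted(data: bytes) -> bytes:
    # counted_octet_string: big-endian uint16 length followed by the bytes
    return struct.pack(">H", len(data)) + data


def _read_counted(buf: bytes, pos: int):
    (n,) = struct.unpack_from(">H", buf, pos)
    pos += 2
    return buf[pos:pos + n], pos + n


def build_keytab(entries):
    """Assemble a keytab from (principal, kvno, enctype, key) tuples.
    Used only to construct an offline sample; real keytabs come from ktpass/ktutil."""
    out = KEYTAB_MAGIC
    for principal, kvno, enctype, key in entries:
        name, realm = principal.rsplit("@", 1)
        comps = name.split("/")
        body = struct.pack(">H", len(comps)) + _counted(realm.encode())
        for c in comps:
            body += _counted(c.encode())
        # name_type 1 = NT-PRINCIPAL, timestamp 0, 8-bit kvno
        body += struct.pack(">IIB", 1, 0, kvno & 0xFF)
        body += struct.pack(">H", enctype) + _counted(key)
        body += struct.pack(">I", kvno)  # optional 32-bit kvno trailer
        out += struct.pack(">i", len(body)) + body
    return out


def parse_keytab(data: bytes):
    """Return one dict per live entry: principal, realm, kvno, enctype (key bytes are dropped)."""
    if data[:2] != KEYTAB_MAGIC:
        raise ValueError("not a version-2 MIT keytab")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size == 0:
            break
        if size < 0:            # a negative size marks a deleted slot; skip over it
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        pos += 2
        realm, pos = _read_counted(data, pos)
        comps = []
        for _ in range(ncomp):
            c, pos = _read_counted(data, pos)
            comps.append(c.decode())
        _name_type, _stamp, vno8 = struct.unpack_from(">IIB", data, pos)
        pos += 9
        (enctype,) = struct.unpack_from(">H", data, pos)
        pos += 2
        _key, pos = _read_counted(data, pos)
        kvno = vno8
        if end - pos >= 4:      # the 32-bit kvno, when present and non-zero, overrides the 8-bit one
            (kvno32,) = struct.unpack_from(">I", data, pos)
            kvno = kvno32 or vno8
        pos = end
        entries.append({"principal": "/".join(comps) + "@" + realm.decode(),
                        "realm": realm.decode(), "kvno": kvno, "enctype": enctype})
    return entries


def check_principal(data: bytes, configured: str) -> str:
    """Compare the login module's `principal` option with the keytab contents.
    Returns 'ok' for an exact match, 'case-mismatch' when the only difference is letter case
    (which Kerberos treats as a different principal), or 'missing'."""
    names = [e["principal"] for e in parse_keytab(data)]
    if configured in names:
        return "ok"
    if configured.lower() in [n.lower() for n in names]:
        return "case-mismatch"
    return "missing"


# Constructed sample: one AES256-CTS (enctype 18) entry with a dummy key, kvno 3.
SAMPLE_KEYTAB = build_keytab([("HTTP/kerbores@MYREALM", 3, 18, b"\x00" * 32)])

if __name__ == "__main__":
    for entry in parse_keytab(SAMPLE_KEYTAB):
        print(entry)
    for p in ("HTTP/kerbores@MYREALM", "HTTP/kerbores@MyRealm", "HTTP/other@MYREALM"):
        print(p, "->", check_principal(SAMPLE_KEYTAB, p))
```

To check a real file, call `parse_keytab(open(path, "rb").read())` and compare the listed principals against the "principal is ..." debug line; a kvno that differs from the one the KDC holds for the account is the other common reason a keytab login fails, so the kvno column is worth comparing as well.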