Configure Kerberos for JBOSS EAP 6.4
shyagrawal Nov 4, 2015 8:31 AM
Hi,
I am getting an error while hitting the URL of the JBoss server.
18:59:55,212 INFO [stdout] (http-/127.0.0.1:8080-1) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is F:\Tools\Jboss-EAP\standalone\configuration\kerbores.keytab refreshKrb5Config is false principal is HTTP/kerbores@myRealm tryFirstPass is false useFirstPass is false storePass is false clearPass is false
18:59:55,296 INFO [stdout] (http-/127.0.0.1:8080-1) [Krb5LoginModule] authentication failed
18:59:55,296 INFO [stdout] (http-/127.0.0.1:8080-1) Client not found in Kerberos database (6)
I followed all the steps mentioned in the URL below.
My krb5.ini is placed in C:\Windows\krb5.ini, which contains all the information related to realms and domain.
I am able to run the kinit command, and a new ticket is generated.
"New ticket is stored in cache file C:\Users\shyagrawal\krb5cc_shyagrawal"
I modified the standalone.bat file as mentioned in the URL.
<security-domain name="host" cache-type="default">
    <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
            <module-option name="storeKey" value="true"/>
            <module-option name="useKeyTab" value="true"/>
            <module-option name="principal" value="HTTP/kerbores@MyRealm"/>
            <module-option name="keyTab" value="F:\Tools\Jboss-EAP\standalone\configuration\kerbores.keytab"/>
            <module-option name="doNotPrompt" value="true"/>
            <module-option name="debug" value="true"/>
        </login-module>
    </authentication>
</security-domain>
<security-domain name="SPNEGO" cache-type="default">
    <authentication>
        <login-module code="SPNEGO" flag="requisite">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="serverSecurityDomain" value="host"/>
        </login-module>
    </authentication>
</security-domain>
I added code to the web.xml file.
web.xml
<security-constraint>
    <display-name>require valid user</display-name>
    <web-resource-collection>
        <web-resource-name>Kerberos Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
    <!-- <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint> -->
</security-constraint>
<security-role>
    <description>security role</description>
    <role-name>*</role-name>
</security-role>
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>SPNEGO</security-domain>
    <valve>
        <class-name>org.jboss.security.negotiation.NegotiationAuthenticator</class-name>
    </valve>
    <jacc-star-role-allow>true</jacc-star-role-allow>
    <context-root>kerberoes</context-root>
</jboss-web>
Please let me know if I missed anything in the above steps.
Thanks,
Shyam Agrawal
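
One check for a setup like the one posted above, as an added example that is not part of the original post: compare the principal module-option of the Krb5LoginModule entry against the principals actually stored in the keytab, case-sensitively. The function names, the EXAMPLE.TEST realm and the sample keytab bytes are constructed for illustration; the keytab is assumed to be in file format version 0x0502.

```python
import struct
import xml.etree.ElementTree as ET

def keytab_principals(data):
    """List principals (name@REALM) in an MIT-format keytab, file version 0x0502."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    names, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:                       # a negative length marks a deleted entry
            entry, off, parts = data[pos:pos + size], 2, []
            (ncomp,) = struct.unpack_from(">H", entry, 0)
            for _ in range(ncomp + 1):     # realm first, then each name component
                (n,) = struct.unpack_from(">H", entry, off)
                parts.append(entry[off + 2:off + 2 + n].decode())
                off += 2 + n
            names.append("/".join(parts[1:]) + "@" + parts[0])
        pos += abs(size)
    return names

def configured_principal(domain_xml):
    """Return the 'principal' option of the Krb5LoginModule entry, or None."""
    for lm in ET.fromstring(domain_xml).iter():   # endswith() tolerates an xmlns prefix
        if lm.tag.endswith("login-module") and lm.get("code", "").endswith("Krb5LoginModule"):
            for opt in lm:
                if opt.get("name") == "principal":
                    return opt.get("value")
    return None

def check(domain_xml, keytab_bytes):
    want, have = configured_principal(domain_xml), keytab_principals(keytab_bytes)
    if want in have:
        return "match"
    if want and want.lower() in (p.lower() for p in have):
        return "case-mismatch"             # principal and realm compare case-sensitively
    return "missing"

def _entry(realm, comps):                  # constructed sample entry with a dummy key
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + s(realm) + b"".join(map(s, comps))
    body += struct.pack(">IIBH", 1, 0, 1, 23) + s(b"\0" * 16)
    return struct.pack(">i", len(body)) + body

SAMPLE_KEYTAB = b"\x05\x02" + _entry(b"EXAMPLE.TEST", [b"HTTP", b"app.example.test"])
SAMPLE_DOMAIN = """<login-module code="com.sun.security.auth.module.Krb5LoginModule">
<module-option name="principal" value="HTTP/app.example.test@Example.Test"/>
</login-module>"""
```

With the constructed samples, check(SAMPLE_DOMAIN, SAMPLE_KEYTAB) returns "case-mismatch" because the configured realm differs from the keytab entry only in letter case.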