0 Replies Latest reply on Jul 15, 2018 9:54 AM by n_nagraj321

    SPNEGO Integration with Wildfly 8.2.1

    n_nagraj321

      Hi dastraub

      I am trying to integrate SPNEGO with the Wildfly 8.2.1 application server and I have followed the steps mentioned in the following link:

      https://github.com/dstraub/spnego-wildfly

      However, I'm still finding difficulty in integrating SPNEGO with Wildfly. It's always throwing the following exception in the log file:

      2018-07-15 18:41:15,722 ERROR [de.ctrlaltdel.SpnegoAuthenticationMechanism] (default task-63) HTTP Authorization Header=Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGA4AlAAAADw== 
      2018-07-15 18:41:16,334 ERROR [de.ctrlaltdel.SpnegoAuthenticationMechanism] (default task-1) HTTP Authorization Header=Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGA4AlAAAADw==

      Below is my project structure:

      Application.ear
      ├───META-INF
      │       application.xml
      │       jboss-app.xml
      │       jboss-deployment-structure.xml
      └───Application.war
          └───WEB-INF
                  jboss-web.xml
                  web.xml

      I copied spnego-auth-1.0.1.jar to the Application.war/WEB-INF/lib folder.

      standalone-full.xml

          <system-properties> 
                <property name="sun.security.krb5.debug" value="true"/>
                <property name="java.security.krb5.kdc" value="hostname.domain.com"/>
                <property name="java.security.krb5.realm" value="DOMAIN.COM"/>
                <property name="java.security.krb5.conf" value="C:/wildfly-8.2.1.Final/modules/com/ca/iam/configuration/main/krb5.conf"/>
                <property name="jboss.security.disable.secdomain.option" value="true"/>
                <property name="spnego.allow.basic" value="false"/>
                <property name="spnego.allow.localhost" value="true"/>
                <property name="spnego.allow.unsecure.basic" value="true"/>
                <property name="spnego.prompt.ntlm" value="false"/>
                <property name="spnego.login.client.module" value="spnego-roles"/>
          </system-properties>
           :
           :
           :
          <security-domain name="spnego-server">
                <authentication>
                     <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
                          <module-option name="debug" value="true"/>
                          <module-option name="storeKey" value="true"/>
                          <module-option name="refreshKrb5Config" value="true"/>
                          <module-option name="useKeyTab" value="true"/>
                          <module-option name="doNotPrompt" value="true"/>
                          <module-option name="keyTab" value="C:/wildfly-8.2.1.Final/modules/com/ca/iam/configuration/main/iwa.host.keytab"/>
                          <module-option name="principal" value="HOST/hostname.domain.com@DOMAIN.COM"/>
                     </login-module>
                </authentication>
          </security-domain>
          <security-domain name="spnego-roles" cache-type="default">
                <authentication>
                     <login-module code="de.ctrlaltdel.SpnegoAckLoginModule" flag="required"/>
                </authentication>
          </security-domain>

      jboss-web.xml

      <?xml version="1.0" encoding="UTF-8"?> 
      <jboss-web>
           <security-domain>spnego-roles</security-domain>
      </jboss-web>

      krb5.conf

      [libdefaults]
           default_realm = DOMAIN.COM
           default_tkt_enctypes = aes128-cts rc4-hmac aes256-cts des-cbc-md5
           default_tgs_enctypes = aes128-cts rc4-hmac aes256-cts des-cbc-md5
           permitted_enctypes = aes128-cts rc4-hmac aes256-cts des-cbc-md5

      [realms]
           DOMAIN.COM = {
                kdc = hostname.domain.com
                default_domain = DOMAIN.COM
           }

      [domain_realm]
           .domain.com = DOMAIN.COM

      web.xml

      <web-app>
           <security-constraint>
                <web-resource-collection>
                     <web-resource-name>sample</web-resource-name>
                     <url-pattern>/*</url-pattern>
                     <http-method>POST</http-method>
                     <http-method>GET</http-method>
                </web-resource-collection>
                <!--    <auth-constraint> <role-name>*</role-name> </auth-constraint> -->
           </security-constraint>
           <login-config>
                <auth-method>SPNEGO</auth-method>
           </login-config>
           <security-role>
                <role-name>login</role-name>
           </security-role>
      </web-app>
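As an added diagnostic (not part of the post above or of the spnego-wildfly project), the following decodes the Negotiate header from the quoted log lines and reports whether the browser sent an NTLMSSP message or a GSS-API/SPNEGO token; the log lines are copied from the post and the minimal SPNEGO token is a constructed sample.

```python
import base64
import re

# Constructed sample input: the two log lines quoted in the post above.
LOG_LINES = [
    "2018-07-15 18:41:15,722 ERROR [de.ctrlaltdel.SpnegoAuthenticationMechanism] "
    "(default task-63) HTTP Authorization Header=Negotiate "
    "TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGA4AlAAAADw==",
    "2018-07-15 18:41:16,334 ERROR [de.ctrlaltdel.SpnegoAuthenticationMechanism] "
    "(default task-1) HTTP Authorization Header=Negotiate "
    "TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGA4AlAAAADw==",
]

# Constructed minimal GSS-API token (tag 0x60, length, SPNEGO OID) for comparison.
SAMPLE_SPNEGO_TOKEN = "YAgGBisGAQUFAg=="

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLM_MESSAGE_NAMES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
# DER-encoded OBJECT IDENTIFIERs as they appear inside a GSS-API InitialContextToken.
SPNEGO_OID = bytes.fromhex("06062b0601050502")      # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # 1.2.840.113554.1.2.2

HEADER_RE = re.compile(r"Authorization Header=Negotiate\s+([A-Za-z0-9+/=]+)")


def classify_negotiate_token(b64_token: str) -> str:
    """Return a human-readable label for the mechanism carried in a Negotiate token."""
    raw = base64.b64decode(b64_token, validate=True)
    if raw.startswith(NTLMSSP_SIGNATURE):
        # NTLMSSP: 8-byte signature followed by a little-endian uint32 message type.
        msg_type = int.from_bytes(raw[8:12], "little")
        return f"NTLM type {msg_type} ({NTLM_MESSAGE_NAMES.get(msg_type, 'unknown')})"
    if raw[:1] == b"\x60":
        # GSS-API InitialContextToken (RFC 2743): [APPLICATION 0] tag, then the mech OID.
        head = raw[:32]
        if SPNEGO_OID in head:
            return "SPNEGO (GSS-API InitialContextToken)"
        if KRB5_OID in head:
            return "Kerberos (raw GSS-API token)"
        return "GSS-API (unrecognised mechanism)"
    return "unknown"


def classify_log_lines(lines):
    """Extract each Negotiate token from the log lines and classify it."""
    matches = (HEADER_RE.search(line) for line in lines)
    return [classify_negotiate_token(m.group(1)) for m in matches if m]


if __name__ == "__main__":
    for label in classify_log_lines(LOG_LINES):
        print(label)
```

For the header quoted in the post the classifier reports an NTLM type 1 (NEGOTIATE) message rather than a Kerberos/SPNEGO token, which is the first thing to confirm when a SPNEGO mechanism logs rejected Authorization headers.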