I have a Java standalone client (running mainly on Windows) that looks up and invokes remote EJBs. I want to set up SSO for the client so that the Windows credentials are used for authentication and the client can begin running without prompting the user for credentials.
I read that EJB3 authentication with SPNEGO is not possible in JBoss AS7 (EJB3 Authentication With SPNEGO). Is there a plan to introduce this in the future? Is there a write-up somewhere of what needs to be done to enable this in JBoss AS7/EAP6?
Is there an alternative? If I use the Krb5LoginModule in the client, can I authenticate to the KDC from the client side and then propagate the token in my EJB invocations? I suppose I can create a callback handler that sends the token as the username/password for the invocations. At that point, I will need to write a login module on the server to verify the token, is that correct?
Would appreciate advice/guidance on how to achieve this.