2 Replies Latest reply on Jan 20, 2015 10:39 AM by Michael Schiessl

    Wildfly SPNEGO Authentication

    Michael Schiessl Newbie

      Hello,

       

      I am trying to migrate our projects from JBoss 6.1 to wildfly 8.2.

       

      We need SPNEGO Kerberos Authentication, which worked in JBoss 6.1.

      For Wildfly I followed instructions from http://de.slideshare.net/josef.cacek/dev-conf2013-ltkerberosas7, but it does not work.

      In web.xml I am using login-config SPNEGO, which is missing in that slides:

      ...

      <login-config>

              <auth-method>SPNEGO</auth-method>

              <realm-name>SPNEGO</realm-name>

          </login-config>

       

      I tried to define a ServletExtension for SPNEGO, which is recognized, but the Subject is null, which may be the reason it does not work:

       

      public class SpnegoFactory implements AuthenticationMechanismFactory {

          @Override

          public AuthenticationMechanism create(String mechanismName, FormParserFactory formParserFactory, Map<String, String> properties) {

              GSSAPIServerSubjectFactory subjectFactory = new GSSAPIServerSubjectFactory() {

                  @Override

                  public Subject getSubjectForHost(String host) throws GeneralSecurityException {

                      try {

                          return (Subject) PolicyContext.getContext("javax.security.auth.Subject.container");

                      } catch (PolicyContextException e) {

                          e.printStackTrace();

                      }

                      return null;

                  }

              };

              return new GSSAPIAuthenticationMechanism(subjectFactory);

          }

      }

      Can anybody help me on this Problem?

      Thanx,

      Michael