Wildfly9 -ApplicationRealm via Kerberos
patgal Sep 7, 2015 7:54 AMHello,
I'm using Wildfly9.
I want to authenticate users in my application via Kerberos (exactly Active Directory). I tried to configure Security Domain like this:
<security-domain name="SPNEGO" cache-type="default"> <authentication> <login-module code="SPNEGO" flag="requisite"> <module-option name="password-stacking" value="useFirstPass"/> <module-option name="serverSecurityDomain" value="host"/> </login-module> <login-module code="UserRoles" flag="required"> <module-option name="password-stacking" value="useFirstPass"/> <module-option name="usersProperties" value="spnego-users.properties"/> <module-option name="rolesProperties" value="spnego-roles.properties"/> </login-module> </authentication> </security-domain> <security-domain name="host" cache-type="default"> <authentication> <login-module code="Kerberos" flag="required"> <module-option name="storeKey" value="true"/> <module-option name="refreshKrb5Config" value="true"/> <module-option name="useKeyTab" value="true"/> <module-option name="doNotPrompt" value="true"/> <module-option name="keyTab" value="C:/work/wildfly/standalone/configuration/***.keytab"/> <module-option name="principal" value="HTTP/***"/> <module-option name="debug" value="true"/> </login-module> </authentication> </security-domain>
But this configuration don't work for me, the application don't recognize SPENGO name when configured in web.xml .
I found this article:
WildFly 9 - Kerberos Authentication for Domain Management Over HTTP | Planet JBoss Developer
Is possible using configuration from article to app authentication?
What is the best way to achieve Kerberos Authentication on Wildfly9?
Cheers!
PG