0 Replies Latest reply on Sep 7, 2015 7:54 AM by patgal

    Wildfly9 - ApplicationRealm via Kerberos

    patgal

      Hello,

      I'm using Wildfly9.

      I want to authenticate users in my application via Kerberos (exactly Active Directory). I tried to configure a Security Domain like this:

       <security-domain name="SPNEGO" cache-type="default">
           <authentication>
               <login-module code="SPNEGO" flag="requisite">
                   <module-option name="password-stacking" value="useFirstPass"/>
                   <module-option name="serverSecurityDomain" value="host"/>
               </login-module>
               <login-module code="UserRoles" flag="required">
                   <module-option name="password-stacking" value="useFirstPass"/>
                   <module-option name="usersProperties" value="spnego-users.properties"/>
                   <module-option name="rolesProperties" value="spnego-roles.properties"/>
               </login-module>
           </authentication>
       </security-domain>
       <security-domain name="host" cache-type="default">
           <authentication>
               <login-module code="Kerberos" flag="required">
                   <module-option name="storeKey" value="true"/>
                   <module-option name="refreshKrb5Config" value="true"/>
                   <module-option name="useKeyTab" value="true"/>
                   <module-option name="doNotPrompt" value="true"/>
                   <module-option name="keyTab" value="C:/work/wildfly/standalone/configuration/***.keytab"/>
                   <module-option name="principal" value="HTTP/***"/>
                   <module-option name="debug" value="true"/>
               </login-module>
           </authentication>
       </security-domain>
      

       

      But this configuration doesn't work for me; the application doesn't recognize the SPNEGO name when configured in web.xml.

      I found this article:

      WildFly 9 - Kerberos Authentication for Domain Management Over HTTP | Planet JBoss Developer

      Is it possible to use the configuration from the article for app authentication?

      What is the best way to achieve Kerberos Authentication on Wildfly9?

      Cheers!

      PG