Integrate Wildfly10 with MS AD and Kerberos

miketomson Jul 10, 2016 4:30 PM

Hi,

I am searching for some examples for integrating Wildfly10 with MS AD and Kerberos.

Here is what I've read:
https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-6.4/how-to-setup-sso-with-kerberos/

http://blog.andyserver.com/2013/07/integrated-windows-authentication-spnego-web-applications-on-jboss-eap-6-1/

This is the scenario I'm insterested in :

1. User logs on to a Windows machine.

2. User starts a web browser.

3. User browses to my web application on the specified URL, and he is automatically logged on to the application, without having to type in his credentials.

4. I am integrating old application with AD. Only after the user is authenticated against AD I must do couple of additional things. All tutorials mentioned above are rather configuring something only. My application had custom login form checking user and password, then it did additional things before login. To be able to do this additional things I must know who just logged in, what roles in AD it has and then I must create http session for him and for example add event to database, that this user just logged in. I propably need something more that above tutorials say, but have no idea what..

1. Re: Integrate Wildfly10 with MS AD and Kerberos

mchoma Jul 12, 2016 1:43 AM (in response to miketomson)

It seems to me this should be main points to solve your problem:
     - Point 1-3 you achieve with SPNEGOLoginModule following mentioned documentation.
     - To get roles from AD you need to use LdapLoginModuleMappingProvider https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-6.4/login-module-reference/#ldaprolesmappingprovider
     - To perform custom post actions you probably have to hook into request processing, probably servlet filter. You should be able to get to user principal with request.getUserPrincipal() for instance.
Actions