0 Replies Latest reply on Jul 15, 2018 9:54 AM by Nagaraju Chitimilla

    Spenego Integration with Wildfly 8.2.1

    Nagaraju Chitimilla Newbie

      Hi  dastraub

      I'am trying to integrate the Spenego with Wildfly 8.2.1 application server and I have followed the steps mentioned in the following link

      https://github.com/dstraub/spnego-wildfly

      However i'm still finding difficulty in integrating spenego with wildfly. Its always throwing the following exception in the log file:

      2018-07-15 18:41:15,722 ERROR [de.ctrlaltdel.SpnegoAuthenticationMechanism] (default task-63) HTTP Authorization Header=Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGA4AlAAAADw== 
      2018-07-15 18:41:16,334 ERROR [de.ctrlaltdel.SpnegoAuthenticationMechanism] (default task-1) HTTP Authorization Header=Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGA4AlAAAADw==

      Below is my project structure:

      Application.ear 

      ├───META-INF
      │       application.xml
      │       jboss-app.xml
      │       jboss-deployment-structure.xml

      |───Application.war
      │       └───WEB-INF
      │           │   jboss-web.xml
      │           │   web.xml

      copied the spnego-auth-1.0.1.jar to the Application.war/WEB_INF/lib folder.

      standalone-full.xml

          <system-properties> 
                <property name="sun.security.krb5.debug" value="true"/>
                <property name="java.security.krb5.kdc" value="hostname.domain.com"/>
                <property name="java.security.krb5.realm" value="DOMAIN.COM"/>
                <property name="java.security.krb5.conf" value="C:/wildfly-8.2.1.Final/modules/com/ca/iam/configuration/main/krb5.conf"/>
                <property name="jboss.security.disable.secdomain.option" value="true"/>
                <property name="spnego.allow.basic" value="false"/>
                <property name="spnego.allow.localhost" value="true"/>
                <property name="spnego.allow.unsecure.basic" value="true"/>
                <property name="spnego.prompt.ntlm" value="false"/>
                <property name="spnego.login.client.module" value="spnego-roles"/>
          </system-properties>
           :
           :
           :
      <security-domain name="spnego-server">
      <authentication>
           <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
                <module-option name="debug" value="true"/>
                <module-option name="storeKey" value="true"/>
                <module-option name="refreshKrb5Config" value="true"/>
                <module-option name="useKeyTab" value="true"/>
                <module-option name="doNotPrompt" value="true"/>
                <module-option name="keyTab" value="C:/wildfly-8.2.1.Final/modules/com/ca/iam/configuration/main/iwa.host.keytab"/>
                <module-option name="principal" value="HOST/hostname.domain.com@DOMAIN.COM"/>
           </login-module>
      </authentication>
      </security-domain>
      <security-domain name="spnego-roles" cache-type="default">
      <authentication>
           <login-module code="de.ctrlaltdel.SpnegoAckLoginModule" flag="required"/> 
      </authentication>
      </security-domain>

      jboss-web.xml

      <?xml version="1.0" encoding="UTF-8"?> 
      <jboss-web>
           <security-domain>spnego-roles</security-domain>
      </jboss-web>

      krb5.conf

      [libdefaults] 
           default_realm = DOMAIN.COM
           default_tkt_enctypes = aes128-cts rc4-hmac aes256-cts des-cbc-md5
           default_tgs_enctypes = aes128-cts rc4-hmac aes256-cts des-cbc-md5
           permitted_enctypes = aes128-cts rc4-hmac aes256-cts des-cbc-md5 

      [realms]
           DOMAIN.COM = {
                kdc = hostname.domain.com
                default_domain = DOMAIN.COM


      [domain_realm]
           .domain.com = DOMAIN.COM

      web.xml

      <web-app> 
           <security-constraint>
                <web-resource-collection>
                 <web-resource-name>sample</web-resource-name>
                 <url-pattern>/*</url-pattern>
                 <http-method>POST</http-method>
                <http-method>GET</http-method>
              </web-resource-collection>
                <!--    <auth-constraint> <role-name>*</role-name> </auth-constraint> -->
           </security-constraint> 
           <login-config>
                <auth-method>SPNEGO</auth-method>
           </login-config> 
           <security-role>
                <role-name>login</role-name>
           </security-role> 
      </web-app>