1 Reply Latest reply on Jun 2, 2006 11:16 AM by senthil kumar

    Negotiate Authentication SPNEGO Runtime Settings

    senthil kumar Newbie


      I want to use Negotiate Authentication, (silent authentication, ie my windows login credentials should be automatically silently taken to jboss)

      I read wiki page(http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos)

      I want to run that sample application, I need the runtime settings information, who already run please help me

      Can I run from my home pc ?(i have windows 2000 server and Internet connection)

      Or Do I need really 2 comptuers (one with windows 2000 server, and one with windows xp)?
      (i can try in my office)

      JDK 1.4 or JDK 1.5 ?

      what values i have to give for domainController (ip address of windows 2000 server?)

      and for defaultDomain(suppose i created domain like MYDOMAIN.LOCAL, so i have to give MYDOMAIN or MYDOMAIN.LOCAL ?)

      give me some links, so that i can understand what is spnego, and working things behind


        • 1. Re: Negotiate Authentication SPNEGO Runtime Settings
          senthil kumar Newbie

          Thanks a lot to Jochen, I am slowly understanding Negotiate Authentication.

          I am able to run Negotiate Authentication, I have Win XP workstation which is in Win 2000 Domain. My workstation is in India, our Win 2000 Domain Controller is in Toronto.

          So I could not see what are groupnames given to my username, I know every username in Active Directory will have a group called Domain Users, so I mentioned this as role-name in my web.xml and used the following code to display other group names(alloted for me)

           Subject userSubject=(Subject)PolicyContext.getContext("javax.security.auth.Subject.container");

          Wiki page says you have to replace <attribute...>WebCallbackHandler line with <attribute...>AdvancedWebCallbackHandler line. But there is no line as <attribute...>WebCallbackHandler. I just added the <attribute...> line for AdvancedWebCallbackHandler

          I am able to run on JBoss 4.0.2 with JDK 1.5. If I am trying to run on JDK 1.4.2, I am getting the following exception

          14:52:17,665 ERROR [CoyoteAdapter] An exception or error occurred in the container during the req
          uest processing
          java.lang.NoClassDefFoundError: jcifs/ntlmssp/Type3Message
           at org.jboss.web.tomcat.security.HttpServletRequestResponseValve.authenticate(HttpServlet
           at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
           at org.jboss.web.tomcat.security.HttpServletRequestResponseValve.invoke(HttpServletReques
           at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
           at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
           at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http
           at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
           at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:11
           at java.lang.Thread.run(Thread.java:534)

          Please Let me know if anybody is able to run with JBoss 4.0.2 and JDK 1.4.2

          But our project is on JBoss 3.2.3 (Porting into 4.0.2 will happen at 2007). But I have to implement Negotiate Authentication within one or two weeks time. Is there any solution which can run on JBoss 3.2.3, And it should be free. I have to do this for Websphere, Weblogic, SAP Netweaver also.

          If anyone is able run this(Negotiate Authentication) on JBoss 3.2.3, please tell me