0 Replies Latest reply on Mar 4, 2008 6:32 AM by Adrien Loyat

    NegotiateKerberos and JbossAdmin Group issue

    Adrien Loyat Newbie

      Hello

      I tried to use the NTLM authentification as described here http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos.
      I'm using jboss AS 4.2.2 GA.
      I'm using the test case found on the wiki page.

      My Activ Directory server traces my authentification. But jboss (or whatever it is) gives me the roles of JBossAdmin. In the AD, I'm not part of any group named like this. Thus if in the web.xml file of the test case I change JBossAdmin by one the the group I am a member of, I cannot access the ressources (code 403).

      So my question is, where dose such a group come from ?




      2008-03-03 17:03:26,857 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] defaultLogin, principal=1204560206854
      2008-03-03 17:03:26,857 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(SPNEGO), size=9
      2008-03-03 17:03:26,857 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.NegotiateLoginModule
      ControlFlag: LoginModuleControlFlag : required
      Options:name=defaultDomain, value=CIG.local
      name=domainController, value=srv-cig.cigidf1.local
      name=loadBalance, value=false

      2008-03-03 17:03:26,858 TRACE [org.jboss.security.auth.NegotiateLoginModule] initialize, instance=@22758614
      2008-03-03 17:03:26,858 TRACE [org.jboss.security.auth.NegotiateLoginModule] Security domain: SPNEGO
      2008-03-03 17:03:26,868 TRACE [org.jboss.security.auth.NegotiateLoginModule] commit, loginOk=true
      2008-03-03 17:03:26,868 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] defaultLogin, lc=javax.security.auth.login.LoginContext@1044daf, subject=Subject(25701656).principals=jcifs.smb.NtlmPasswordAuthentication@6207304(TOTO\loyat)org.jboss.
      security.SimpleGroup@5440318(Roles(members:JBossAdmin(members:TOTO\loyat)))
      2008-03-03 17:03:26,869 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] updateCache, inputSubject=Subject(25701656).principals=jcifs.smb.NtlmPasswordAuthentication@6207304(TOTO\loyat)
      org.jboss.security.SimpleGroup@5440318(Roles(members:JBossAdmin(members:TOTO\loyat))), cacheSubject=Subject(21533658).principals=jcifs.smb.NtlmPasswordAuthentication@6207304(TOTO\loyat)
      org.jboss.security.SimpleGroup@5440318(Roles(members:JBossAdmin(members:TOTO\loyat)))
      2008-03-03 17:03:26,869 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] Inserted cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1e30857[Subject(21533658).principals=
      jcifs.smb.NtlmPasswordAuthentication@6207304(TOTO\loyat)org.jboss.security.SimpleGroup@5440318
      (Roles(members:JBossAdmin(members:TOTO\loyat))),credential.class=java.lang.String@12759798,
      expirationTime=1204561961713]
      2008-03-03 17:03:26,869 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] End isValid, true
      2008-03-03 17:03:26,870 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: 1204560206854 is authenticated
      2008-03-03 17:03:26,870 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Objet :
      Principal : TOTO\loyat
      Principal : Roles(members:JBossAdmin(members:TOTO\loyat))
      , sc=org.jboss.security.SecurityAssociation$SubjectContext@389922{principal=1204560206854,subject=30255134}
      2008-03-03 17:03:26,871 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1e30857[Subject(21533658).principals=jcifs.smb.NtlmPasswordAuthentication@6207304
      (TOTO\loyat)org.jboss.security.SimpleGroup@5440318(Roles(members:JBossAdmin(members:TOTO\loyat))),credential.class=java.lang.String@
      12759798,expirationTime=1204561961713]




      Thanks for your answers.
      Adrien