2 Replies Latest reply on Sep 9, 2008 7:53 AM by Alexander Degenstein

    SPNEGO Rich Client Support

    Alexander Degenstein Newbie

      Hi,
      do anybody know whether there is a way to use the JBoss Negotiation projekt to use with a rich client instead of a web client? It means the, the transfer of the Kerberos Ticket don't be executed by the browser but by the Rich Client by JAAS loginModule...

        • 1. Re: SPNEGO Rich Client Support
          Darran Lofthouse Master

          No that feature is not currently available as we have been focussing on the Web invocations.

          The following Jira would add this if there is demand: -

          https://jira.jboss.org/jira/browse/SECURITY-130

          Please feel free to vote for the issue and add as a comment the scenario you are looking at.

          • 2. Re: SPNEGO Rich Client Support
            Alexander Degenstein Newbie

            Because i have written my own Kerberos based JAAS LoginModules (slient and serverside).

            Know i'am searching a way to use the protected EJB's from a webUI. The EJB's have to be protected by one security-domain which handles the rich-client invokes and there (Kerberos based) authentication. But furthermore i need to invoke the same EJB's by a webUI...and here i would use the SPNEGO implementation...but I don't how i could implement an alternative JAAS authentication or security-domain for only one EJB.

            My idea seems to me like following:
            If the user use the WebUI, the authentification should be based on SPNEGO or maybe a simple DB authentification. If the other Rich Clients invoke the EJB's the authentification should be based on my own Kerberos authentification.

            Are there any ideas? Or is there no way to protect one EJB with different alternative security-domains?