since a week I am trying to configure SSO in JBoss. I tried the User Guide for JBoss Negotiation, a couple of Howtos found by google, and a few more.
Im a little bit frustrated now and i think im going to change my job. Iceman is a nice job I think.
I have a win2008 SP2 AD Domain and 2 Win XP SP2 Client.
Jboss webserver.test.net with jboss-4.2.3.GA
I add a new User "webserver" to the AD.
I also done the following commands successful:
setspn -a HTTP/webserver.test.net
ktpass -princ HTTP/webserver.test.net@TES.NET -mapuser webserver -pass "Password
ktab.exe -k c:\webserver.host.keytab -a HTTP/webserver.test.net
Kinit works on the AD and Webserver Server.
I look at the User properties for the User "webserver" and the Account Name change into HTTP/webserver.test.net. I also can see that delegation in allowed at the Delegation tab.
The jboss-negotiation-2.0.3.GA.jar is stored in default/lib
I configured the properties-service.xml, the jboss-service.xml, login.xml
So if I running the Server and start my Firefox 3.10 or the Ie7 (configured for sso) and click the Basic Negotiation i just get to see is
"Warning, this is: NTLM Negotiation WWW-Authenticate - Negotiate TlRMTVNTUAABAAAAB7IIogQABAAxAAAACQAJACgAAAAFASgKAAAAD1dFQlNFUlZFUlRFU1Q= NTLM - Negotiate_Message Warning, this is NTLM, only SPNEGO is supported! Negotiate Flags - (encryption56Bit)(sessionKeyExchange128Bit)(negotiateVersion)(ntlm2)(alwaysSign)(oemWorkstationSupplied)(oemDomainSupplied)(ntlm)(requestTarget)(oem)(unicode) Jboss:
11:55:48,494 INFO [BasicNegotiationServlet] Authorization header received - decoding token. 11:55:48,509 INFO [NTLMNegotiationServlet] Authorization header received - decoding token. 11:55:48,509 INFO [NTLMNegotiationServlet] Using existing message.
If I click on SecurityDomainTest it works. I get a Ticket. So Kerberos works (or not), but its look like i dont get a SPNEGO Ticket.
With wfetch.exe i get the same Result.
I tested the Troubleshooting Things list in the Userguide but I did not get more Informations. So any Ideas?
P.S. I know my english isn t perfekt.