Pasqualino Imbemba [https://community.jboss.org/people/pi4630] created the 
discussion

"SSO with Kerberos in JBoss-6.0.0.Final"

To view the discussion, visit: https://community.jboss.org/message/759142#759142

--------------------------------------------------------------
Hi,

I'm trying to enable Kerberos SSO on my JBoss-6.0.0.Final.
For this purpose, I have created the following:
1. a simple web application in JSF
2. the Linux server has a keytab file and is part of MS Active Directory
3. added an application policy (see below, named "SPNEGO") that uses the Kerberos module
4. the JSF contains a JBoss-specific deployment descriptor that refers to the security domain defined at 3.
5. in the JSF's web.xml, I've set the auth-method and the realm-name
I still can access the JSF from a PC without a Kerberos ticket.

What am I doing wrong?

web.xml


<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.5"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
    <display-name>Tic Tac Toe</display-name>
    <servlet>
        <servlet-name>Faces Servlet</servlet-name>
        <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
    </servlet-mapping>
    <!-- Added by @pb26683 -->
    <login-config>
        <auth-method>CLIENT_CERT</auth-method>
        <realm-name>SPNEGO</realm-name>
    </login-config>
</web-app>


jboss-web.xml


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
<jboss-web>
    <security-domain>java:/jaas/SPNEGO</security-domain>
</jboss-web>


login-conf.xml


<application-policy name="spnego-server">
    <authentication>
      <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
        <module-option name="storeKey">true</module-option>
        <module-option name="doNotPrompt">true</module-option>
        <module-option name="debug">true</module-option>
        <module-option name="useKeyTab">true</module-option>
        <module-option name="keyTab">/etc/develux.keytab</module-option>
        <module-option name="principal">HTTP/develux.prov.bz</module-option>
      </login-module>
    </authentication>
  </application-policy>

  <application-policy name="SPNEGO">
     <!--SPNEGO is short for Simple and Protected GSSAPI Negotiation Mechanism. See http://en.wikipedia.org/wiki/SPNEGO for details.-->
     <authentication>
        <login-module
           code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule"
           flag="requisite">
           <module-option name="password-stacking">useFirstPass</module-option>
           <module-option name="serverSecurityDomain">spnego-server</module-option>
        </login-module>
        <login-module
           code="org.jboss.security.auth.spi.UsersRolesLoginModule"
           flag="required">
           <module-option name="password-stacking">useFirstPass</module-option>
           <module-option name="usersProperties">props/spnego-users.properties</module-option>
           <module-option name="rolesProperties">props/spnego-roles.properties</module-option>
        </login-module>
     </authentication>
  </application-policy>




I'm thankful for any hint!
--------------------------------------------------------------
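
An added example, not part of the original post: a Python check over the posted web.xml (shortened and embedded inline) that reports which mapped URL patterns are not covered by a <security-constraint> carrying an <auth-constraint>, since under the Servlet specification a <login-config> on its own never forces a login. The expected auth-method "SPNEGO" is an assumption taken from the JBoss Negotiation setup, and pattern matching is simplified to exact matches and "/*".

```python
import xml.etree.ElementTree as ET

NS = {"jee": "http://java.sun.com/xml/ns/javaee"}

# The web.xml from the post above, shortened to the parts the check reads.
POSTED_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee">
    <servlet-mapping>
        <servlet-name>Faces Servlet</servlet-name>
        <url-pattern>*.jsf</url-pattern>
    </servlet-mapping>
    <login-config>
        <auth-method>CLIENT_CERT</auth-method>
        <realm-name>SPNEGO</realm-name>
    </login-config>
</web-app>"""


def audit_web_xml(xml_text, expected_auth_method="SPNEGO"):
    """Return findings that explain why requests reach the app unauthenticated."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    findings = []

    # Collect URL patterns from constraints that actually demand a role.
    # A constraint without <auth-constraint> does not trigger authentication.
    protected = set()
    for sc in root.findall("jee:security-constraint", NS):
        if sc.find("jee:auth-constraint", NS) is None:
            continue
        for pat in sc.findall("jee:web-resource-collection/jee:url-pattern", NS):
            protected.add((pat.text or "").strip())

    # Simplified matching (assumption): exact pattern or a catch-all "/*".
    for pat in root.findall("jee:servlet-mapping/jee:url-pattern", NS):
        mapped = (pat.text or "").strip()
        if mapped not in protected and "/*" not in protected:
            findings.append(f"unprotected: {mapped}")

    # expected_auth_method defaults to the JBoss Negotiation value (assumption).
    method = root.findtext("jee:login-config/jee:auth-method", default="", namespaces=NS).strip()
    if method != expected_auth_method:
        findings.append(f"auth-method: {method or 'missing'} (expected {expected_auth_method})")
    return findings


if __name__ == "__main__":
    for finding in audit_web_xml(POSTED_WEB_XML):
        print(finding)
```
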
