• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Tomcat: Valve with SPNEGO-Authentication

 
Tobias Kalke
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
I'm developing a Tomcat valve to authenticate users with SPNEGO/Kerberos in a Windows environment, using Java 6 and GSSAPI.

So far, I extended AuthenticatorBase and overwrote the authenticate-method. That allowed me to get the client to use SPNEGO, that is send a Kerberos ticket.

To check the ticket in the request, I first need a GSSContext, and that needs GSSCredentials for the valve:

Oid spnegoOid = null;
spnegoOid = new Oid("1.3.6.1.5.5.2");
GSSCredential myCreds = manager.createCredential(null, GSSCredential.DEFAULT_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);

My problem: the last line fails: "No valid credentials provided"

I think it's because it doesn't access my config file and keytab file.

How can I tell the GSSAPI where the config files are? Or do I have to place them in a special folder?
I know how to tell JAAS where to get, but I have no idea how to do it for that.

In case anyone can come up with useful links for Tomcat & SPNEGO, I would be gladful, too!

Cheers,
Tobias
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic