A friendly place for programming greenhorns!
Big Moose Saloon
Register / Login
Other JSE/JEE APIs
Tomcat: Valve with SPNEGO-Authentication
Joined: Oct 15, 2008
May 13, 2009 09:10:11
I'm developing a
valve to authenticate users with SPNEGO/Kerberos in a Windows environment, using
6 and GSSAPI.
So far, I extended AuthenticatorBase and overwrote the authenticate-method. That allowed me to get the client to use SPNEGO, that is send a Kerberos ticket.
To check the ticket in the request, I first need a GSSContext, and that needs GSSCredentials for the valve:
Oid spnegoOid = null;
spnegoOid = new Oid("18.104.22.168.5.5.2");
GSSCredential myCreds = manager.createCredential(null, GSSCredential.DEFAULT_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);
My problem: the last line fails: "No valid credentials provided"
I think it's because it doesn't access my config file and keytab file.
How can I tell the GSSAPI where the config files are? Or do I have to place them in a special folder?
I know how to tell JAAS where to get, but I have no idea how to do it for that.
In case anyone can come up with useful links for Tomcat & SPNEGO, I would be gladful, too!
It is sorta covered in the
JavaRanch Style Guide
subject: Tomcat: Valve with SPNEGO-Authentication
Need help with transparent single sign-on servlet filter
single signon with java GSS-API kerberos/SPNEGO
Disable SPNEGO login on JBOSS
SSO using SPNego on Kerberos in JBoss 4.2.2
SSO using SPNEGO in JBOSS 4.2.2
All times are in JavaRanch time: GMT-6 in summer, GMT-7 in winter
| Powered by
Copyright © 1998-2015