Register / Login
Other JSE/JEE APIs
Tomcat: Valve with SPNEGO-Authentication
posted 7 years ago
I'm developing a
valve to authenticate users with SPNEGO/Kerberos in a Windows environment, using
6 and GSSAPI.
So far, I extended AuthenticatorBase and overwrote the authenticate-method. That allowed me to get the client to use SPNEGO, that is send a Kerberos ticket.
To check the ticket in the request, I first need a GSSContext, and that needs GSSCredentials for the valve:
Oid spnegoOid = null;
spnegoOid = new Oid("184.108.40.206.5.5.2");
GSSCredential myCreds = manager.createCredential(null, GSSCredential.DEFAULT_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);
My problem: the last line fails: "No valid credentials provided"
I think it's because it doesn't access my config file and keytab file.
How can I tell the GSSAPI where the config files are? Or do I have to place them in a special folder?
I know how to tell JAAS where to get, but I have no idea how to do it for that.
In case anyone can come up with useful links for Tomcat & SPNEGO, I would be gladful, too!
Need help with transparent single sign-on servlet filter
single signon with java GSS-API kerberos/SPNEGO
Disable SPNEGO login on JBOSS
SSO using SPNego on Kerberos in JBoss 4.2.2
SSO using SPNEGO in JBOSS 4.2.2