This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes JBoss/WildFly and the fly likes SSO using SPNego on Kerberos in JBoss 4.2.2 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Products » JBoss/WildFly
Bookmark "SSO using SPNego on Kerberos in JBoss 4.2.2" Watch "SSO using SPNego on Kerberos in JBoss 4.2.2" New topic

SSO using SPNego on Kerberos in JBoss 4.2.2

Neelesh A Korade

Joined: Jun 07, 2007
Posts: 26
Hi All,

We are trying to implement SSO in our web application with the help of SPNEGO in JBOSS AS 4.2.2.

We are using ‘security-negotiation-2.0.3.GA’ and have followed the user guide Negotiation_User_Guide_(en-US).pdf. After making all changes as mentioned in the user guide, we tried out Negotiation Toolkit web application to test various aspects of SPNEGO configuration. First two tests (Basic Negotiation servlet and Security Domain Test' servlet) were successful, however, for the third servlet (‘Secured’), we are getting following error:

Also, when we run the test using kinit username@KERBEROS.REALM.COM, it prompts us for password. on Entering the correct password, it throws the following exception-

We are using Active Directory with Windows Server 2003 service pack 2, JBOSS AS 4.2.2 on Windows XP service pack 2 and Internet Explorer 6 as client from a Windows XP service pack 2 box.

Could anyone help us fix these exceptions and get our kerberos SSO working? Also, we have some specific questions where we think we might have gone wrong-

1) We executed ktpass as-

Is it correct? Or, do we need to execute it as-

(Note the difference of host vs HTTP)

Documentation at- says that we should execute with HTTP while the user guide mentions it should be host.

2) Do we need to execute ktab.exe on the machine where JBOSS is running? Again user guide asks for it but the documentation at the URL given above doesn't mention that.

3) The account created for JBoss server on active directory is using the same name as the name of the server host machine. Is this fine? Or should the account name be different from the name of the machine hosting the server?

Any help will be much appreciated.

I agree. Here's the link:
subject: SSO using SPNego on Kerberos in JBoss 4.2.2
Similar Threads
SSO using SPNEGO in JBOSS 4.2.2
SSO Using JBoss Negotiation
SPNEGO to JBoss 4.3.2 (with username different from hostname)
Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO
Disable SPNEGO login on JBOSS