This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Is it possible to authenticate web services (SOAP) using Kerberos tickets (obtained by authentication versus Active Directory) with popular OSS Java application servers (in my case primarily JBoss)? I would like to obtain interoperability between Microsoft and Java based web services on our LAN/WAN. We have no need for signing or encryption on the LAN/WAN (but passwords is not allowed to be sent in plain text). I would like to avoid SSL encrypting everything just to not send the password in plain text. Kerberos would work nicely with our MS services and is as I understand it a compact token (compared to for instance more interoperable alternatives like SAML).
If it is possible how would I go about it (do I need some additional components/products etc, how can I find info about how to configure JBoss)?
I have tried "googling" it but most of the info I find has to do with WEB APPLICATION authentication and not WEB SERVICE...