• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
  • Mikalai Zaikin

SSO using SPNego on Kerberos in JBoss 4.2.2

Posts: 26
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

We are trying to implement SSO in our web application with the help of SPNEGO in JBOSS AS 4.2.2.

We are using ‘security-negotiation-2.0.3.GA’ and have followed the user guide Negotiation_User_Guide_(en-US).pdf. After making all changes as mentioned in the user guide, we tried out Negotiation Toolkit web application to test various aspects of SPNEGO configuration. First two tests (Basic Negotiation servlet and Security Domain Test' servlet) were successful, however, for the third servlet (‘Secured’), we are getting following error:

Also, when we run the test using kinit username@KERBEROS.REALM.COM, it prompts us for password. on Entering the correct password, it throws the following exception-

We are using Active Directory with Windows Server 2003 service pack 2, JBOSS AS 4.2.2 on Windows XP service pack 2 and Internet Explorer 6 as client from a Windows XP service pack 2 box.

Could anyone help us fix these exceptions and get our kerberos SSO working? Also, we have some specific questions where we think we might have gone wrong-

1) We executed ktpass as-

Is it correct? Or, do we need to execute it as-

(Note the difference of host vs HTTP)

Documentation at- http://community.jboss.org/wiki/ConfiguringJBossNegotiationinanallWindowsDomain says that we should execute with HTTP while the user guide mentions it should be host.

2) Do we need to execute ktab.exe on the machine where JBOSS is running? Again user guide asks for it but the documentation at the URL given above doesn't mention that.

3) The account created for JBoss server on active directory is using the same name as the name of the server host machine. Is this fine? Or should the account name be different from the name of the machine hosting the server?

Any help will be much appreciated.

With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
    Bookmark Topic Watch Topic
  • New Topic