[jboss-user] [Security & JAAS/JBoss] - Re: Negotiate with Kerberos

hpkolasani do-not-reply at jboss.com
Sun Nov 26 14:19:28 EST 2006


I followed the instructions from http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos (using JBoss 4.02) and it appears that the SPNEGO/NTLM handshaking and getting the principal from the token seem to be working fine. I can also see that the 'login()' method of 'NegotiateLoginModule' is returning the Principal successfully.

But the silent authentication is not happening in the 'test' web app.

It looks like in 'HttpServletRequestResponseValve.authenticate()', the following code is returning 'null' for the principal.

    // Start the authentication with the retrieved user, and a blank
    // password. This will be mostly ignored by the login module, but needed
    // to do this to allow role retrieval and other stuff to work properly
    principal = getContainer().getRealm().authenticate(userId == null ? "" : userId, "");

Here is some log info from the JBoss server.log:

***********************************************************
2006-11-26 10:26:35,875 INFO  [org.apache.jk.server.JkMain] Jk running ID=0 time=0/47  config=null
2006-11-26 10:26:35,875 INFO  [org.jboss.system.server.Server] JBoss (MX MicroKernel) [4.0.2 (build: CVSTag=JBoss_4_0_2 date=200505022023)] Started in 13s:47ms
2006-11-26 10:27:58,515 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager at d1afd3
2006-11-26 10:27:58,515 DEBUG [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] CachePolicy set to: org.jboss.util.TimedCachePolicy at 6e795b
2006-11-26 10:27:58,515 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy at 6e795b
2006-11-26 10:27:58,515 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added SPNEGO, org.jboss.security.plugins.SecurityDomainContext at e1469c to map
2006-11-26 10:27:58,609 DEBUG [org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Got SecurityAssociationCallback: org.jboss.security.auth.callback.SecurityAssociationCallback at 93a985
2006-11-26 10:27:58,609 DEBUG [org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Sending back authorization header
2006-11-26 10:27:58,640 DEBUG [org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned: null
2006-11-26 10:27:58,640 DEBUG [org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Got NegotiateCallback: [B at 8518d4
2006-11-26 10:27:58,640 DEBUG [org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Token was Type 1 NTLM
2006-11-26 10:27:58,687 DEBUG [org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned: null
2006-11-26 10:27:58,687 DEBUG [org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Got NegotiateCallback: [B at 71d29a
2006-11-26 10:27:58,687 DEBUG [org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Token was Type 3 NTLM
2006-11-26 10:27:58,687 DEBUG [org.jboss.security.auth.NegotiateLoginModule] Found NTLM token in SPNEGO: [B at 71d29a
2006-11-26 10:28:00,062 DEBUG [org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned: null

***********************************************************


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3988666#3988666
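
The log in the post reports NTLM Type 1 and Type 3 tokens arriving in the Negotiate exchange. The following is an added diagnostic example, not part of the original post and not JBoss code, that classifies the value of an Authorization: Negotiate header as NTLM (with its message type) or Kerberos. The class name NegotiateTokenProbe is hypothetical and the sample tokens are constructed header fragments, not captured traffic.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class NegotiateTokenProbe {  // hypothetical name, not a JBoss class
    static final byte[] NTLMSSP = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);
    // DER-encoded OIDs: SPNEGO 1.3.6.1.5.5.2 and Kerberos V5 1.2.840.113554.1.2.2
    static final byte[] OID_SPNEGO = {0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02};
    static final byte[] OID_KRB5 = {0x06, 0x09, 0x2a, (byte) 0x86, 0x48, (byte) 0x86,
                                    (byte) 0xf7, 0x12, 0x01, 0x02, 0x02};

    static int indexOf(byte[] hay, byte[] needle) {
        for (int i = 0; i + needle.length <= hay.length; i++) {
            int j = 0;
            while (j < needle.length && hay[i + j] == needle[j]) j++;
            if (j == needle.length) return i;
        }
        return -1;
    }

    /** Classify the value of an HTTP "Authorization" request header. */
    static String classify(String headerValue) {
        String[] parts = headerValue.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Negotiate")) return "not a Negotiate header";
        byte[] tok;
        try {
            tok = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return "invalid base64";
        }
        int n = indexOf(tok, NTLMSSP);
        if (n >= 0 && tok.length >= n + 12) {
            // The message type is a 32-bit little-endian integer after the 8-byte signature.
            int type = ByteBuffer.wrap(tok, n + 8, 4).order(ByteOrder.LITTLE_ENDIAN).getInt();
            return "NTLM Type " + type + (n == 0 ? " (raw)" : " (wrapped in another token)");
        }
        if (indexOf(tok, OID_KRB5) >= 0) {
            return (indexOf(tok, OID_SPNEGO) >= 0 ? "SPNEGO" : "GSS-API") + " carrying Kerberos";
        }
        return "unrecognized token";
    }

    public static void main(String[] args) {
        // Constructed samples: leading bytes only, not complete or valid tokens.
        byte[] type1 = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 1, 0, 0, 0, 7, (byte) 0x82, 0, 0};
        byte[] type3 = {(byte) 0xa1, 0x0e, 'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 3, 0, 0, 0};
        byte[] krb = ByteBuffer.allocate(21).put((byte) 0x60).put((byte) 19)
                .put(OID_SPNEGO).put(OID_KRB5).array();
        for (byte[] t : new byte[][] {type1, type3, krb})
            System.out.println(classify("Negotiate " + Base64.getEncoder().encodeToString(t)));
    }
}
```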
