[jboss-user] [Security & JAAS/JBoss] - JBoss on Windows XP, Kerberos MIT on unix, SPNEGO issue

[neoben]

Hello,

I am trying to deploy a simple test environment for the Jboss login module supporting SPNEGO authenthication (Jboss-negotiation.2.0.3.GA).
I have installed Kerberos MIT 5 on a debian box and created the realm MYCOMPANY.NET, plus a user and a service principal for jboss. 

The Jboss server is running on my winXP workstation which I log in using a local account. It is accessible at the URL: http://hostname.mycompany.net:15000/. The test security domain on the toolkit works well. 

I installed MIT kerberos on the same winXP workstation and I use it to get Kerberos Tickets. I configured firefox and change the following properties:
- network.auth.use-sspi=false; 
- network.negotiate-auth.gsslib=C:\Program Files\MIT\Kerberos\bin\gssapi32.dll
- network.negotiate-auth.trusted-uris=.mycompany.net
With the configuration above, when I try the Basic negotiation servlet, it brings the KerberosMIT client in the front and prompt for a usersname and password for the realm MYCOMPANY.NET. But whatever the ticket i get back from kerberos, I get a HTTP 401...
If I only change network.negotiate-auth.trusted-uris=.mycompany.net and leave everything else on the default value, I get the documented error page for the basic negociation. I don't understand why my browser does not trust the server...

Any help appreciated!

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4210988#4210988

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4210988