
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>

<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">


<div>

        <table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">

                <tbody>

                        <tr>


                                <td>


                                        <table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">

                                                <tbody>

                                                        <tr>

                                                                <td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">

                                                                        <h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">

                                                                        <!-- To have a header image/logo replace the name below with your img tag -->

                                                                        <!-- Email clients will render the images when the message is read so any image -->

                                                                        <!-- must be made available on a public server, so that all recipients can load the image. -->

                                                                        <a href="https://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>

                                                                </td>


                                                        </tr>

                                                        <tr>

                                                                <td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px;  -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">

    SSO with Kerberos in JBoss-6.0.0.Final

</h3>

<span style="margin-bottom: 10px;">

    created by <a href="https://community.jboss.org/people/pi4630">Pasqualino Imbemba</a> in <i>Beginner's Corner</i> - <a href="https://community.jboss.org/message/759142#759142">View the full discussion</a>

</span>

<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">


<div class="jive-rendered-content"><p>Hi,</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>I'm trying to enable kerberos SSO on my JBoss-6.0.0.-Final.</p><p>To this purpose, I have created the following:</p><ol><li style="text-align: start;">a simple webapplication in jsf</li><li style="text-align: start;">linux server has a keytab file and is part of ms active directory</li><li style="text-align: start;">added an application policy (see below, named "SPNEGO") that uses Kerberos Module</li><li style="text-align: start;">the jsf contains a jboss specific deplyoment descriptor that refers to the security domain defined at 3.</li><li style="text-align: start;">in the jsf's web.xml, I've set the auth-method and the realm-name</li></ol><p style="text-align: start;">I stil can access the JSF from a PC without kerberos ticket.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p style="text-align: start;">Where am I doing wrong?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p style="text-align: start;">web.xml</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><pre class="jive-pre"><code class="jive-code jive-xml">

<span class="jive-xml-tag">&lt;?xml version="1.0" encoding="UTF-8"?&gt;</span>

<span class="jive-xml-tag"><span>&lt;web-app id="WebApp_ID" version="2.5"

&#160;&#160;&#160; xmlns="</span><a class="jive-link-external-small" href="http://java.sun.com/xml/ns/javaee" target="_blank">http://java.sun.com/xml/ns/javaee</a><span>" xmlns:xsi="</span><a class="jive-link-external-small" href="http://www.w3.org/2001/XMLSchema-instance" target="_blank">http://www.w3.org/2001/XMLSchema-instance</a><span>"

&#160;&#160;&#160; xsi:schemaLocation="</span><a class="jive-link-external-small" href="http://java.sun.com/xml/ns/javaee" target="_blank">http://java.sun.com/xml/ns/javaee</a><span> </span><a class="jive-link-external-small" href="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" target="_blank">http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd</a><span>"&gt;</span></span>

&#160;&#160;&#160; <span class="jive-xml-tag">&lt;display-name&gt;</span>Tic Tac Toe<span class="jive-xml-tag">&lt;/display-name&gt;</span>

&#160;&#160;&#160; <span class="jive-xml-tag">&lt;servlet&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;servlet-name&gt;</span>Faces Servlet<span class="jive-xml-tag">&lt;/servlet-name&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;servlet-class&gt;</span>javax.faces.webapp.FacesServlet<span class="jive-xml-tag">&lt;/servlet-class&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;load-on-startup&gt;</span>1<span class="jive-xml-tag">&lt;/load-on-startup&gt;</span>

&#160;&#160;&#160; <span class="jive-xml-tag">&lt;/servlet&gt;</span>

&#160;&#160;&#160; <span class="jive-xml-tag">&lt;servlet-mapping&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;servlet-name&gt;</span>Faces Servlet<span class="jive-xml-tag">&lt;/servlet-name&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;url-pattern&gt;</span>*.jsf<span class="jive-xml-tag">&lt;/url-pattern&gt;</span>

&#160;&#160;&#160; <span class="jive-xml-tag">&lt;/servlet-mapping&gt;</span>

&#160;&#160;&#160; <span class="jive-xml-comment">&lt;!-- Added by @pb26683 --&gt;</span>

&#160;&#160;&#160; <span class="jive-xml-tag">&lt;login-config&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;auth-method&gt;</span>CLIENT_CERT<span class="jive-xml-tag">&lt;/auth-method&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;realm-name&gt;</span>SPNEGO<span class="jive-xml-tag">&lt;/realm-name&gt;</span>

&#160;&#160;&#160; <span class="jive-xml-tag">&lt;/login-config&gt;</span>

<span class="jive-xml-tag">&lt;/web-app&gt;</span></code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>jboss-web.xml</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><pre class="jive-pre"><code class="jive-code jive-xml">

<span class="jive-xml-tag">&lt;?xml version="1.0" encoding="UTF-8"?&gt;</span>

&lt;!DOCTYPE jboss-web PUBLIC <span class="jive-xml-quote">-//JBoss//DTD Web Application 5.0//EN</span> <span class="jive-xml-quote"><a class="jive-link-external-small" href="http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd" target="_blank">http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd</a></span>&gt;

<span class="jive-xml-tag">&lt;jboss-web&gt;</span>

&#160;&#160;&#160; <span class="jive-xml-tag">&lt;security-domain&gt;</span>java:/jaas/SPNEGO<span class="jive-xml-tag">&lt;/security-domain&gt;</span>

<span class="jive-xml-tag">&lt;/jboss-web&gt;</span></code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>login-conf.xml</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><pre class="jive-pre"><code class="jive-code jive-xml">

<span class="jive-xml-tag">&lt;application-policy name="spnego-server"&gt;</span>

&#160;&#160;&#160; <span class="jive-xml-tag">&lt;authentication&gt;</span>

&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required"&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;module-option name="storeKey"&gt;</span>true<span class="jive-xml-tag">&lt;/module-option&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;module-option name="doNotPrompt"&gt;</span>true<span class="jive-xml-tag">&lt;/module-option&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;module-option name="debug"&gt;</span>true<span class="jive-xml-tag">&lt;/module-option&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;module-option name="useKeyTab"&gt;</span>true<span class="jive-xml-tag">&lt;/module-option&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;module-option name="keyTab"&gt;</span>/etc/develux.keytab<span class="jive-xml-tag">&lt;/module-option&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;module-option name="principal"&gt;</span>HTTP/develux.prov.bz<span class="jive-xml-tag">&lt;/module-option&gt;</span>

&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;/login-module&gt;</span>

&#160;&#160;&#160; <span class="jive-xml-tag">&lt;/authentication&gt;</span>

&#160; <span class="jive-xml-tag">&lt;/application-policy&gt;</span>


&#160; <span class="jive-xml-tag">&lt;application-policy name="SPNEGO"&gt;</span>

&#160;&#160;&#160;&#160; <span class="jive-xml-comment"><span>&lt;!--SPNEGO is short for Simple and Protected GSSAPI Negotiation Mechansim. See </span><a class="jive-link-external-small" href="http://en.wikipedia.org/wiki/SPNEGO" target="_blank">http://en.wikipedia.org/wiki/SPNEGO</a><span> or details.--&gt;</span></span>

&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;authentication&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;login-module

&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule"

&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; flag="requisite"&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;module-option name="password-stacking"&gt;</span>useFirstPass<span class="jive-xml-tag">&lt;/module-option&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;module-option name="serverSecurityDomain"&gt;</span>spnego-server<span class="jive-xml-tag">&lt;/module-option&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;/login-module&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;login-module

&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; code="org.jboss.security.auth.spi.UsersRolesLoginModule"

&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; flag="required"&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;module-option name="password-stacking"&gt;</span>useFirstPass<span class="jive-xml-tag">&lt;/module-option&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;module-option name="usersProperties"&gt;</span>props/spnego-users.properties<span class="jive-xml-tag">&lt;/module-option&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;module-option name="rolesProperties"&gt;</span>props/spnego-roles.properties<span class="jive-xml-tag">&lt;/module-option&gt;</span>

&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;/login-module&gt;</span>

&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;/authentication&gt;</span>

&#160; <span class="jive-xml-tag">&lt;/application-policy&gt;</span>

</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>I'm thankful for any hint!</p></div>


<div style="background-color: #f4f4f4; padding: 10px; margin-top: 20px;">

    <p style="margin: 0;">Reply to this message by <a href="https://community.jboss.org/message/759142#759142">going to Community</a></p>

        <p style="margin: 0;">Start a new discussion in Beginner's Corner at <a href="https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2075">Community</a></p>

</div></td>

                        </tr>

                    </tbody>

                </table>


                </td>

            </tr>

        </tbody>

    </table>


</div>


</body>

</html>