Hello all,
I'm still trying to Kerberize my JBoss portal, and I go further every day... but it
takes time :P
OK, so let's sum up:
I have a Kerberos server (KDC), an Apache in front of a Tomcat/JBoss, and an LDAP which
JBoss can read (set in ldap_identity-config.xml).
Apache can display JBossPortal using the Tomcat communicator mod_jk.
I put the "JkEnvVar REMOTE_USER" line in the mod_jk conf file so that Apache
"tells" JBoss who is trying to log in.
I also wrote this into the server.xml file to bypass standard Tomcat authentication:
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" address="${jboss.bind.address}"
               protocol="AJP/1.3"
               emptySessionPath="true" enableLookups="false"
               redirectPort="8443" tomcatAuthentication="false" />

    <Engine name="jboss.web" defaultHost="localhost">
Now what happens?
When a user tries to access the portal, he's asked to get a TGT from the KDC, then
he's asked for a TGS (HTTP) in order to access Apache.
When he gets to the JBossPortal page, JBoss goes and sees who he really is in the LDAP,
using the REMOTE_USER variable Apache gave him, and logs him in, if he ever is in the
LDAP.
In the top-right corner, you can see the username as defined in the LDAP.
So what's the problem?
Well, the thing is, JBoss/Tomcat logs users in fine, but they don't get their profile.
And since the portlets I use _depend_on_ the user's profile, I really need that
information.
I think I have to find out more about how setting
"tomcatAuthentication" to false screws things up...
So if you have any idea... feel free to tell me :)
Previous posts:
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4111256#...
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4106371#...
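
Added example, not part of the original post: with tomcatAuthentication="false" Tomcat accepts whatever user name the AJP peer asserts, so the AJP port should be reachable only by the Apache front end. This Python check flags AJP connectors in a server.xml that trust the front end without being provably bound to loopback; the sample XML, function names and property values are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the post's AJP connector plus a loopback-bound variant.
SAMPLE_SERVER_XML = """<Server><Service name="jboss.web">
  <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
             emptySessionPath="true" enableLookups="false"
             redirectPort="8443" tomcatAuthentication="false" />
  <Connector port="8010" address="127.0.0.1" protocol="AJP/1.3"
             tomcatAuthentication="false" />
  <Engine name="jboss.web" defaultHost="localhost" />
</Service></Server>"""


def bind_scope(address, props):
    """Classify a connector bind address as loopback, exposed or unresolved."""
    if address is None:
        return "exposed"  # older Tomcat binds AJP to all interfaces when unset
    if address.startswith("${") and address.endswith("}"):
        # Placeholder such as ${jboss.bind.address}: needs the runtime property
        address = props.get(address[2:-1])
        if address is None:
            return "unresolved"
    try:
        return "loopback" if ipaddress.ip_address(address).is_loopback else "exposed"
    except ValueError:
        # Not an IP literal: only the name "localhost" is treated as safe
        return "loopback" if address == "localhost" else "unresolved"


def audit_ajp(server_xml, props=None):
    """Return (port, scope) for AJP connectors that trust the front end's
    REMOTE_USER but are not provably bound to loopback."""
    props = props or {}
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "HTTP/1.1").lower():
            continue
        # tomcatAuthentication defaults to true (Tomcat authenticates itself)
        if conn.get("tomcatAuthentication", "true").lower() != "false":
            continue
        scope = bind_scope(conn.get("address"), props)
        if scope != "loopback":
            findings.append((conn.get("port"), scope))
    return findings


if __name__ == "__main__":
    print(audit_ajp(SAMPLE_SERVER_XML, {"jboss.bind.address": "0.0.0.0"}))
```

An "unresolved" result means the bind address depends on a startup property or host name and has to be confirmed on the running server.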