[jboss-jira] [JBoss JIRA] (SECURITY-640) Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.
Hrishi Salvi (JIRA)
jira-events at lists.jboss.org
Fri Jan 13 03:54:22 EST 2012
[ https://issues.jboss.org/browse/SECURITY-640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hrishi Salvi updated SECURITY-640:
----------------------------------
Steps to Reproduce:
edit web.xml as
<web-resource-collection>
<web-resource-name>Restricted</web-resource-name>
<url-pattern>/Request</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
<login-config>
<auth-method>SPNEGO</auth-method>
<realm-name>SPNEGO</realm-name>
</login-config>
edit jboss-web.xml
<security-domain>java:/jaas/SPNEGO</security-domain>
edit login-config.xml
<application-policy name="host">
<authentication>
<login-module code="com.sun.security.auth.module.Krb5LoginModule"
flag="required">
<module-option name="storeKey">true</module-option>
<module-option name="useKeyTab">true</module-option>
<module-option name="principal">%princpal%</module-option>
<module-option name="keyTab">%keytab path%</module-option>
<module-option name="doNotPrompt">true</module-option>
<module-option name="debug">true</module-option>
</login-module>
</authentication>
</application-policy>
<application-policy name="SPNEGO">
<authentication>
<login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule">
<module-option name="password-stacking">useFirstPass</module-option>
<module-option name="serverSecurityDomain">host</module-option>
</login-module>
</authentication>
</application-policy>
> Jboss Negotiation fallback to login page if NTLM token is received or the user is not present in active directory.
> ------------------------------------------------------------------------------------------------------------------
>
> Key: SECURITY-640
> URL: https://issues.jboss.org/browse/SECURITY-640
> Project: PicketBox (JBoss Security and Identity Management)
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Environment: Active Directory Winwos 2003, Client Machine windows XP, Jboss Server Machine Window XP and Jboss 6.1
> Reporter: Hrishi Salvi
> Assignee: Darran Lofthouse
>
> We are trying to configure the single sign on using jboss negotiation.
> We are able to login successfully if the user is present in active directory.
> But in case if user is not present in active directory users, it throw 401 error page.
> Instead of 401 we want user to access login form and authenticate user using different login module.
> In our case we have login page we authenticate user on that page.
> If we receive user credentials we login the user without asking for password.
> Now if the user credentials are not received then we want user to open login form present
> on login page, but before that is throws 401 error.
> We have configure the login-config.xml, web.xml and jboss-web.xml as per the documentation.
> Also defined
> <web-resource-collection>
> <web-resource-name>Restricted</web-resource-name>
> <url-pattern>/Request</url-pattern>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> </web-resource-collection>
> in web.xml
> Our application is access through Request servlet.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list