[jboss-user] [Security & JAAS/JBoss] - Re: Problem with SPNEGO Negotiation

chausberger do-not-reply at jboss.com
Thu Jul 31 10:50:07 EDT 2008


Does this mean that I have to specify the principal for the Windows user that gets authenticated via SPNEGO in both the spnego-roles.properties and in login-config.xml in the UsersRolesLoginModule?

My UsersRolesLoginModule looks like this:

    </login-module>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
        <module-option name="password-stacking">useFirstPass</module-option>
        <module-option name="principal">hausberger@MYDOMAIN</module-option>
        <module-option name="usersProperties">props/spnego-users.properties</module-option>
        <module-option name="rolesProperties">props/spnego-roles.properties</module-option>
    </login-module>


and my spnego-roles.properties like this:
hausberger@MYDOMAIN=Users


When I access the negotiation toolkit page I get this in the server.log:

2008-07-31 16:45:33,865 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, sub
        Principal: hausbergers@MYDOMAIN
        Principal: Roles(members)
        Principal: CallerPrincipal(members:hausbergers@MYDOMAIN)


When I access the "Secured" page, I get this in the server.log:

2008-07-31 16:47:13,205 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
2008-07-31 16:47:13,205 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
2008-07-31 16:47:13,205 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
2008-07-31 16:47:14,046 TRACE [org.jboss.security.negotiation.spnego.SPNEGOAuthenticator] Authenticating user
2008-07-31 16:47:14,046 TRACE [org.jboss.security.negotiation.spnego.SPNEGOAuthenticator] Already authenticated 'hausbergers@MYDOMAIN'
2008-07-31 16:47:14,046 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
2008-07-31 16:47:14,126 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
2008-07-31 16:47:14,127 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
2008-07-31 16:47:14,127 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
2008-07-31 16:47:14,129 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
2008-07-31 16:47:14,129 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
2008-07-31 16:47:14,129 TRACE [org.jboss.security.SecurityAssociation] clear, server=true



Does this mean that the user has the "members" role? Where would I add the "Users" role?
The log also says "already authenticated".

Sorry for all the questions, I am new to JBoss.

Claus







View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4167934#4167934
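
An added example, not part of the original post and not JBoss code: a small check that reads the principals out of a Subject dump like the one above and compares them with the keys of a roles properties file. It assumes the archive's " at " stands for "@", that groups print as `Name(members:a,b)` (or `Name(members)` when empty), and that the roles file uses plain `principal=role1,role2` lines; the function names are hypothetical.

```python
import re

# Constructed sample: the Subject dump and roles file as shown in the post,
# with the mailing-list archive's " at " written back as "@".
SUBJECT_DUMP = """\
Principal: hausbergers@MYDOMAIN
Principal: Roles(members)
Principal: CallerPrincipal(members:hausbergers@MYDOMAIN)
"""
ROLES_PROPERTIES = "hausberger@MYDOMAIN=Users\n"

# Group principals print as Name(members:a,b); an empty group prints Name(members).
GROUP = re.compile(r"^(\w+)\(members(?::([^)]*))?\)$")

def parse_subject(dump):
    """Return (user_principals, {group_name: [members]}) from a Subject dump."""
    users, groups = [], {}
    for line in dump.splitlines():
        line = line.strip()
        if not line.startswith("Principal:"):
            continue
        value = line[len("Principal:"):].strip()
        m = GROUP.match(value)
        if m:
            groups[m.group(1)] = [x for x in (m.group(2) or "").split(",") if x]
        else:
            users.append(value)
    return users, groups

def parse_roles(text):
    """Parse simple 'principal=role1,role2' lines; '#' and '!' start comments."""
    roles = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        roles[key.strip()] = [r.strip() for r in value.split(",") if r.strip()]
    return roles

def diagnose(dump, roles_text):
    """Compare authenticated principals with the keys of the roles file."""
    users, groups = parse_subject(dump)
    roles = parse_roles(roles_text)
    return {
        "principals": users,
        "roles_in_subject": groups.get("Roles", []),
        "unmapped": [u for u in users if u not in roles],     # no roles entry
        "unused_keys": [k for k in roles if k not in users],  # entry never matched
    }

if __name__ == "__main__":
    print(diagnose(SUBJECT_DUMP, ROLES_PROPERTIES))
```
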
