I followed the instructions from http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos (using JBoss 4.02) and it appears that the SPNEGO/NTLM handshaking and getting the principal from token seems to be working fine. I can also see that the 'login()' method of 'NegotiateLoginModule' is returning the Principal successfully.
But the silent authentaication is not happening in the 'test' web app. It looks like in 'HttpServletRequestResponseValve.authenitcate()' , the following code is returning 'null' for the principal. // Start the authentication with the retrieved user, and a blank // password. This will be mostly ignored by the login module, but needed // to do this to allow role retrieval and other stuff to work properly principal = getContainer().getRealm().authenticate(userId == null ? "" : userId, ""); Here is some log info. from jboss server.log *********************************************************** 2006-11-26 10:26:35,875 INFO [org.apache.jk.server.JkMain] Jk running ID=0 time=0/47 config=null 2006-11-26 10:26:35,875 INFO [org.jboss.system.server.Server] JBoss (MX MicroKernel) [4.0.2 (build: CVSTag=JBoss_4_0_2 date=200505022023)] Started in 13s:47ms 2006-11-26 10:27:58,515 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created [EMAIL PROTECTED] 2006-11-26 10:27:58,515 DEBUG [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] CachePolicy set to: [EMAIL PROTECTED] 2006-11-26 10:27:58,515 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, [EMAIL PROTECTED] 2006-11-26 10:27:58,515 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added SPNEGO, [EMAIL PROTECTED] to map 2006-11-26 10:27:58,609 DEBUG [org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Got SecurityAssociationCallback: [EMAIL PROTECTED] 2006-11-26 10:27:58,609 DEBUG [org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Sending back authorization header 2006-11-26 10:27:58,640 DEBUG [org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned: null 2006-11-26 10:27:58,640 DEBUG [org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Got NegotiateCallback: [EMAIL PROTECTED] 2006-11-26 10:27:58,640 DEBUG [org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Token was Type 1 NTLM 2006-11-26 10:27:58,687 DEBUG [org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned: null 2006-11-26 10:27:58,687 DEBUG [org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Got NegotiateCallback: [EMAIL PROTECTED] 2006-11-26 10:27:58,687 DEBUG [org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Token was Type 3 NTLM 2006-11-26 10:27:58,687 DEBUG [org.jboss.security.auth.NegotiateLoginModule] Found NTLM token in SPNEGO: [EMAIL PROTECTED] 2006-11-26 10:28:00,062 DEBUG [org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned: null *********************************************************** View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3988666#3988666 Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3988666 _______________________________________________ jboss-user mailing list jboss-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user