I followed the instructions from
http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos (using JBoss 4.02)
and it appears that the SPNEGO/NTLM handshaking and getting the principal from
token seems to be working fine. I can also see that the 'login()' method of
'NegotiateLoginModule' is returning the Principal successfully.
But the silent authentaication is not happening in the 'test' web app.
It looks like in 'HttpServletRequestResponseValve.authenitcate()' , the
following code is returning 'null' for the principal.
// Start the authentication with the retrieved user, and a blank
// password. This will be mostly ignored by the login module, but needed
// to do this to allow role retrieval and other stuff to work properly
principal = getContainer().getRealm().authenticate(userId == null ? "" :
userId, "");
Here is some log info. from jboss server.log
***********************************************************
2006-11-26 10:26:35,875 INFO [org.apache.jk.server.JkMain] Jk running ID=0
time=0/47 config=null
2006-11-26 10:26:35,875 INFO [org.jboss.system.server.Server] JBoss (MX
MicroKernel) [4.0.2 (build: CVSTag=JBoss_4_0_2 date=200505022023)] Started in
13s:47ms
2006-11-26 10:27:58,515 DEBUG
[org.jboss.security.plugins.JaasSecurityManagerService] Created [EMAIL
PROTECTED]
2006-11-26 10:27:58,515 DEBUG
[org.jboss.security.plugins.JaasSecurityManager.SPNEGO] CachePolicy set to:
[EMAIL PROTECTED]
2006-11-26 10:27:58,515 DEBUG
[org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, [EMAIL
PROTECTED]
2006-11-26 10:27:58,515 DEBUG
[org.jboss.security.plugins.JaasSecurityManagerService] Added SPNEGO, [EMAIL
PROTECTED] to map
2006-11-26 10:27:58,609 DEBUG
[org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Got
SecurityAssociationCallback: [EMAIL PROTECTED]
2006-11-26 10:27:58,609 DEBUG
[org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Sending back
authorization header
2006-11-26 10:27:58,640 DEBUG
[org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned:
null
2006-11-26 10:27:58,640 DEBUG
[org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Got
NegotiateCallback: [EMAIL PROTECTED]
2006-11-26 10:27:58,640 DEBUG
[org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Token was Type 1 NTLM
2006-11-26 10:27:58,687 DEBUG
[org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned:
null
2006-11-26 10:27:58,687 DEBUG
[org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Got
NegotiateCallback: [EMAIL PROTECTED]
2006-11-26 10:27:58,687 DEBUG
[org.jboss.web.tomcat.security.AdvancedWebCallbackHandler] Token was Type 3 NTLM
2006-11-26 10:27:58,687 DEBUG [org.jboss.security.auth.NegotiateLoginModule]
Found NTLM token in SPNEGO: [EMAIL PROTECTED]
2006-11-26 10:28:00,062 DEBUG
[org.jboss.web.tomcat.security.HttpServletRequestResponseValve] Realm returned:
null
***********************************************************
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3988666#3988666
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3988666
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
