The ticket needs to be forwardable. If it is, in firefox, you add your website
to the trusted URIs for delegation ( in about:config). At this point, you
should see context.getDelegState()=true in the logs.
The missing bit in the jboss-negotiation project is to get the delegated
credendentials
hello,
I have a few question about spnego and jboss:
1. My app is deployed on the domain TEST.NET and accessible via the url
http://myapp.test00.net. I configured everything correctly so that
jboss-negociation works ok.
My app is accessible outside of the domain via the url
Regarding my problem, MIT Kerberos installed on the XP machine seems to disable
the local sspi. I found out trying to load the web app on a different machine
where the speno worked straight away in IE.
View the original post :
Hello,
I have deployed jboss-negotiation with too many troubles in my application. The
server is installed on a XP machine and the Active Directory server is a
Windows 2003. It works well with FireFox only if I set the option
network.auth.use-sspi to false. In other words, it seems like only
err! I meant, I have deployed it with NOT too many troubles. That was all right
in fact. Good stuff so far!
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=4215991#4215991
Reply to the post :
Reading the Credential Delegation section in the white paper Single Sign-on
Using Kerberos in Java
(http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/single-signon.html), I
wonder if there is such a thing as a forwarded TGT that get send from the
client to the server during the browser
well, I guess that I found out all by myself reading the documentation: For
the current implementation only trust is required, the use of delegation is
something that will be added in future releases.
Damn, how difficult is it to implement? I may need to implement that myself...
examples, code
Hello,
I deployed my app in a JBoss server hosted on a Windows XP machine. The
Kerberos MIT server is hosted on a Unix machine and I configured the JBoss
negotiation module as documented, it worked like a treat!
The app deployed in JBoss is a multi-tier... and therefore my final goal is too
Hello,
I am trying to deploy a simple test environment for the Jboss login module
supporting SPNEGO authenthication (Jboss-negotiation.2.0.3.GA).
I have installed Kerberos MIT 5 on a debian box and created the realm
MYCOMPANY.NET, plus a user and a service principal for jboss.
The Jboss
Excellent, I have the Basic Negociation working! WireShark showed that
http/hostmane.mycompany@mycompany.net was not correct. It should have been
HTTP/hostmane.mycompany@mycompany.net.
The Secured servlet still does not work though...and this time, wireshark is
not so helpful...Server
ok, it seems to work...
i did not change anything and the http 401 changed into http 403. I fixed the
roles and done.
Thanks for your precious help.
View the original post :
http://www.jboss.org/index.html?module=bbop=viewtopicp=4211218#4211218
Reply to the post :
Hi all,
I have a few problem deploying my JMS in the following Topology:
-JBossA hosts the Hypersonic Database and the JMS provider deployed using
uil-service.xml
-JBossB uses JBossA as JMS Provider
-A JMS client connects to the JMS Provider by doing a remote lookup on JBossB
Basically, when I
found someting interesting here:
http://www.jboss.org/index.html?module=bbop=viewtopict=112107
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4133686#4133686
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4133686
13 matches
Mail list logo
