Issue in configuring SpnegoLoginModule using jboss Negotiation
batjboss Jun 9, 2015 7:08 AM
Our application has external customers and intranet users. All external users should be provided with basic authentication. I configured JBoss Negotiation and the related file configuration as per the document.
web.xml for the fallback is as follows:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>HtmlAdaptor</web-resource-name>
        <description>This is the default security domain</description>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>Role1</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>default</realm-name>
</login-config>
<security-role>
    <role-name>Role1</role-name>
</security-role>
jboss-web.xml:
<jboss-web>
    <context-root>/</context-root>
    <security-domain>java:/jaas/SPNEGO</security-domain>
</jboss-web>
All changes done in properties-service.xml, web deployer and login-config are as follows:
<application-policy name="host">
    <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
            <module-option name="storeKey">true</module-option>
            <module-option name="useKeyTab">true</module-option>
            <module-option name="principal">HTTP/ABC@XYZ.COM</module-option>
            <module-option name="keyTab">ABC.keytab</module-option>
            <module-option name="doNotPrompt">true</module-option>
            <module-option name="debug">true</module-option>
        </login-module>
    </authentication>
</application-policy>
<application-policy name="SPNEGO">
    <authentication>
        <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="requisite">
            <module-option name="password-stacking">useFirstPass</module-option>
            <module-option name="serverSecurityDomain">host</module-option>
        </login-module>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
            <module-option name="password-stacking">useFirstPass</module-option>
            <module-option name="usersProperties">spnego_Users.properties</module-option>
            <module-option name="rolesProperties">spnego_roles.properties</module-option>
        </login-module>
    </authentication>
</application-policy>
I have spnego_users.properties as
abc = abc
spnego_roles.properties
abc=Role1
Need to show the basic authentication pop-up for internet users, and then they should be able to log in with username and password abc. abc is not in the AD server.
Now, after making the above changes, the application is asking for credentials and is not accepting the above value abc/abc.
Please assist.
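
Added example, not part of the original post and not JBoss code: a small Python model of the standard JAAS control-flag rules, run over the SPNEGO application-policy posted above (module options omitted), showing which modules are consulted for a BASIC request. The per-module outcomes in BASIC_REQUEST are assumptions: the SPNEGO module is taken to fail because no Negotiate token is present, and abc/abc is taken to match the properties file.

```python
import xml.etree.ElementTree as ET

# The SPNEGO application-policy from the post, module options omitted.
POSTED = """
<application-policy name="SPNEGO">
  <authentication>
    <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="requisite"/>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
  </authentication>
</application-policy>
"""

def load_stack(policy_xml):
    """Return [(short class name, flag)] in configured order."""
    root = ET.fromstring(policy_xml)
    return [(m.get("code").rsplit(".", 1)[-1], m.get("flag"))
            for m in root.iter("login-module")]

def evaluate(stack, outcomes):
    """Apply JAAS control-flag rules to per-module login() results.

    outcomes maps module name -> True/False (constructed, not observed).
    Returns (authenticated, names of modules actually consulted).
    """
    consulted, mandatory_failed, any_ok = [], False, False
    for name, flag in stack:
        ok = outcomes[name]
        consulted.append(name)
        any_ok = any_ok or ok
        if flag in ("required", "requisite") and not ok:
            mandatory_failed = True
            if flag == "requisite":   # failure returns to the caller at once
                break
        elif flag == "sufficient" and ok and not mandatory_failed:
            break                     # success short-circuits the rest
    return (any_ok and not mandatory_failed), consulted

# Assumption: a BASIC request carries no Negotiate token, so the SPNEGO
# module's login() fails, while abc/abc matches the properties file.
BASIC_REQUEST = {"SPNEGOLoginModule": False, "UsersRolesLoginModule": True}

def posted_result():
    return evaluate(load_stack(POSTED), BASIC_REQUEST)

if __name__ == "__main__":
    print(posted_result())
```

Under those assumptions the requisite module's failure ends the login before UsersRolesLoginModule is consulted, which matches the rejected abc/abc credentials described in the post.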