
  • Set up the following parameters before starting the server.
    set JAVA_OPTS=-Djava.security.krb5.conf=C:\winnt\krb5.ini -Dcom.ibm.security.jgss.debug=all -Dcom.ibm.security.krb5.Krb5Debug=all -Djavax.security.auth.useSubjectCredsOnly=false -Dorg.apache.tomcat.config.NEGOTIATE=true
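    Make sure you set "org.apache.tomcat.config.NEGOTIATE=true"; otherwise you will not be able to use SPNEGO. The two debug properties (com.ibm.security.jgss.debug and com.ibm.security.krb5.Krb5Debug) turn on verbose JGSS/Kerberos tracing, which can expose details of the Kerberos exchange in the server log; they are only needed while troubleshooting the setup.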
  • Start the server with the "geronimo.bat run" command.
  • Create a realm for SPNEGO. You can also configure a fallback realm that is used when SPNEGO authentication fails. For reference, here
    is a sample SPNEGO realm. It combines the SPNEGO login module with a properties realm: if SPNEGO authentication fails, authentication
    falls back to the properties realm.
    {code:title=spnego_properties_realm.xml}
    <module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
      <!-- Sample deployment plan for the security realm "SpnegoTest":
           a SPNEGO login module first, a properties-file login module as fallback. -->
      <environment>
        <!-- Identity under which this realm module is deployed. -->
        <moduleId>
          <groupId>console.realm</groupId>
          <artifactId>SpnegoTest</artifactId>
          <version>1.0</version>
          <type>car</type>
        </moduleId>
        <!-- Modules and libraries this realm depends on. -->
        <dependencies>
          <dependency>
            <groupId>org.apache.geronimo.framework</groupId>
            <artifactId>j2ee-security</artifactId>
            <type>car</type>
          </dependency>
          <dependency>
            <groupId>com.ibm</groupId>
            <artifactId>Spnego</artifactId>
            <version>1.0</version>
            <type>jar</type>
          </dependency>
        </dependencies>
      </environment>
      <gbean name="SpnegoTest"
             class="org.apache.geronimo.security.realm.GenericSecurityRealm"
             xsi:type="dep:gbeanType"
             xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">SpnegoTest</attribute>
        <reference name="ServerInfo">
          <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
          <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
            <!-- Both modules are flagged SUFFICIENT: the first one that succeeds
                 authenticates the user, and when the SPNEGO module fails the
                 properties-file module below is tried next. -->
            <log:login-module control-flag="SUFFICIENT" wrap-principals="false">
              <log:login-domain-name>SpnegoTest</log:login-domain-name>
              <log:login-module-class>org.apache.geronimo.security.realm.providers.SpnegoLoginModule</log:login-module-class>
              <!-- Sample value; presumably the Kerberos service principal of the
                   HTTP server. Replace it with the principal of your own host. -->
              <log:option name="targetName">http/pork2000test.austin.ibmxyz.com</log:option>
            </log:login-module>
            <!-- Fallback: user name and password checked against the demo property
                 files. Every account listed in demo_users.properties can log in
                 without Kerberos, so replace the demo files, or remove this module
                 where only SPNEGO logins should be accepted. -->
            <log:login-module control-flag="SUFFICIENT" wrap-principals="false">
              <log:login-domain-name>demo-properties-realm</log:login-domain-name>
              <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
              <log:option name="usersURI">var/security/demo_users.properties</log:option>
              <log:option name="groupsURI">var/security/demo_groups.properties</log:option>
            </log:login-module>
          </log:login-config>
        </xml-reference>
      </gbean>
    </module>
    {code}
