问题
I'm trying to get to point, where wildfly 9 would be able to authenticate users with kerberos and authorize them with ldap.
I'm having rich EJB client using JAAS (having com.sun.security.auth.module.Krb5LoginModule).
I'd need some sample including the step-by-step configuration.
What I've found is:
- wildfly with LDAP (https://developer.jboss.org/wiki/LDAPSecurityRealmExamples)
- wildfly with SPNEGO (https://github.com/kwart/spnego-demo)
- wildfly with kerberos for server management (http://darranl.blogspot.co.uk/2014/10/wildfly-9-kerberos-authentication-for.html, http://darranl.blogspot.co.uk/2014/11/wildfly-9-kerberos-authentication-with.html)
however I have not web but rich application + I'm not using LDAP for authentication, but kerberos. And I need not only management operations to be authenticated using kerberos.
Any complete sample/references out there?
回答1:
i manage to make it work with this library :
https://github.com/dstraub/spnego-wildfly
you incorpore the jar in your application (not available in MVN repository), then you have to specify the mechanism authentication "SPNEGO" for example in web.xml, configure your active directory, create your keytab, configure your standalone.xml or domain.xml and it is OK , you can also use an apache in front and a load balancer, an example with the sample-app
来源:https://stackoverflow.com/questions/37742479/wildfly-9-kerberos-ldap-active-directory