Monday, May 30, 2011

Spring Security Kerberos Integration

The Spring Security Kerberos Extension authenticates users to a web application just by opening the URL. There is no need to enter a username/password and no need to install additional software.

To enable this integration, perform the following steps:

1- Create a user in Active Directory
i. server1
Set the user's password policy to a non-expiring password

2- Create an SPN for the user (the user from step 1)
Run the following command to create the SPN for the above user:
i. setspn -a <SPN> <username>
ii. setspn -a HTTP/server1.domain.com@DOMAIN.COM server1

3- Create the keytab file
Run the following command to create the keytab file:
i. ktpass /out <keytab file> /mapuser <user> /princ <principal> -kvno 0 /pass <password> /ptype KRB5_NT_PRINCIPAL
ii. ktpass /out name.keytab /mapuser server1@domain.com /princ HTTP/server1.domain.com@DOMAIN.COM -kvno 0 /pass password /ptype KRB5_NT_PRINCIPAL
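Before copying the keytab to the application server, it helps to confirm that it contains the principal, key version number and name type given to ktpass in step 3. The following is an added example, not part of the original post: it assumes the standard MIT keytab file format 0x0502, the function names are hypothetical, and the sample bytes are constructed with an all-zero dummy key.

```python
import struct
NT_PRINCIPAL = 1  # numeric name type behind /ptype KRB5_NT_PRINCIPAL

def _entry(buf):
    """Decode one keytab entry body (big-endian fields)."""
    off = 0
    def take(fmt):
        nonlocal off
        (val,) = struct.unpack_from(fmt, buf, off)
        off += struct.calcsize(fmt)
        return val
    counted = lambda: take(f">{take('>H')}s")  # uint16 length, then that many bytes
    ncomp, realm = take(">H"), counted().decode()
    name = "/".join(counted().decode() for _ in range(ncomp))
    name_type, _ts, kvno, enctype = take(">I"), take(">I"), take(">B"), take(">H")
    counted()                                  # key bytes: skipped, never returned
    if len(buf) - off >= 4:                    # optional 32-bit kvno wins if non-zero
        kvno = take(">I") or kvno
    return {"principal": f"{name}@{realm}", "name_type": name_type,
            "kvno": kvno, "enctype": enctype}

def parse_keytab(data):
    """Return every live entry of a keytab as a dict (no key material)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a file-format 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        if size > 0:                           # negative size marks a deleted slot
            entries.append(_entry(data[pos + 4:pos + 4 + size]))
        pos += 4 + abs(size)
    return entries

def check_keytab(data, principal, kvno=0):
    """Return mismatches against the values passed to ktpass (empty list = OK)."""
    found = [e for e in parse_keytab(data) if e["principal"] == principal]
    problems = [] if found else [f"{principal} not in keytab"]
    for e in found:
        if e["name_type"] != NT_PRINCIPAL:
            problems.append(f"name type {e['name_type']}, expected {NT_PRINCIPAL}")
        if e["kvno"] != kvno:
            problems.append(f"kvno {e['kvno']}, expected {kvno}")
    return problems

def sample_keytab(realm=b"DOMAIN.COM", kvno=0):
    """Constructed keytab bytes (dummy key) so the check runs offline."""
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", 2) + cs(realm) + cs(b"HTTP") + cs(b"server1.domain.com")
            + struct.pack(">IIBH", NT_PRINCIPAL, 0, kvno, 23) + cs(bytes(16))
            + struct.pack(">I", kvno))
    return b"\x05\x02" + struct.pack(">i", len(body)) + body
```

For a real file, pass open("name.keytab", "rb").read() to check_keytab together with HTTP/server1.domain.com@DOMAIN.COM. The comparison is exact, so a realm written in lower case is reported as a missing principal.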

For the Spring configuration and more information, please refer to the following URL:

http://blog.springsource.com/2009/09/28/spring-security-kerberos/