
Integration of Glassfish with Kerberos/LDAP authentication/authorization is complicated and requires many stages.

 

The Glassfish server communicates with your Kerberos/LDAP server using the Java Authentication and Authorization Service (JAAS). You need to configure a security realm in Glassfish to use the com.sun.security.auth.module.Krb5LoginModule class. You also need to add the following lines to glassfishv3/glassfish/domains/domain1/config/login.conf:

 

KerberosClient {
       com.sun.security.auth.module.Krb5LoginModule required
       useTicketCache=true;
};

KerberosServer {
       com.sun.security.auth.module.Krb5LoginModule required
       useKeyTab=true
       keyTab="/opt/glassfishv3/glassfish.keytab"
       doNotPrompt=true
       storeKey=true
       principal="GFISHHTTP/hostname.example.com@REALM.EXAMPLE.COM";
};

Once complete, you need to configure your application to make the relevant calls and define the required callbacks to handle the authentication system.
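
As an added illustration (not code from the original post), the sketch below shows one way an application can log in through the KerberosClient entry above and supply the callbacks Krb5LoginModule may request when no usable ticket is in the cache. The class names KerberosLoginExample and ConsoleHandler are hypothetical, and it assumes the JVM already points at login.conf (java.security.auth.login.config) and at a valid Kerberos configuration.

```java
import java.io.Console;
import java.security.PrivilegedAction;
import java.util.Arrays;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Hypothetical example class; "KerberosClient" is the login.conf entry name.
public class KerberosLoginExample {

    // Answers the module's prompts; only used if the ticket cache has no TGT.
    static class ConsoleHandler implements CallbackHandler {
        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            Console console = System.console();
            for (Callback cb : callbacks) {
                if (console == null) {
                    // No terminal attached: refuse rather than read from an unsafe source.
                    throw new UnsupportedCallbackException(cb, "no console available");
                }
                if (cb instanceof NameCallback) {
                    NameCallback nc = (NameCallback) cb;
                    nc.setName(console.readLine("%s", nc.getPrompt()));
                } else if (cb instanceof PasswordCallback) {
                    PasswordCallback pc = (PasswordCallback) cb;
                    char[] pw = console.readPassword("%s", pc.getPrompt());
                    pc.setPassword(pw);      // the callback stores its own copy
                    Arrays.fill(pw, '\0');   // wipe the local copy immediately
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        }
    }

    public static void main(String[] args) throws LoginException {
        LoginContext lc = new LoginContext("KerberosClient", new ConsoleHandler());
        lc.login();                          // throws LoginException on failure
        Subject subject = lc.getSubject();
        try {
            // Code run here carries the authenticated Kerberos principal.
            Subject.doAs(subject, (PrivilegedAction<Void>) () -> {
                System.out.println("Authenticated as " + subject.getPrincipals());
                return null;
            });
        } finally {
            lc.logout();                     // discard credentials held by the Subject
        }
    }
}
```

The KerberosServer entry sets doNotPrompt=true and reads its key from the keytab, so it never invokes callbacks; restrict read access on /opt/glassfishv3/glassfish.keytab to the account that runs Glassfish.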