1

I'm trying to authenticate users using wildfly console to kerberos.

I followed the guide: https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/how-to-set-up-sso-with-kerberos/#connecting_to_the_management_interface

I'm trying to connect to wildfly admin console (see section: "3.2.4. Connecting to the Management Interface" in referred url). However once trying with: 

./bin/jboss-cli.sh -c connect -Djavax.security.auth.useSubjectCredsOnly=false  -Djava.security.krb5.realm=XXX.XXX.NET --no-local-auth

I get: 

OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=256m; support was removed in 8.0
Authenticating against security realm: ManagementRealm
Failed to connect to the controller: Unable to authenticate against controller at localhost:9990: Authentication failed: all available authentication mechanisms failed:
   GSSAPI: No implementation found
   DIGEST-MD5: java.lang.NullPointerException

Obviously relevant part for me is: GSSAPI: No implementation found

How should I proceed?

Peter Butkovic
  • 11,143
  • 10
  • 57
  • 81

1 Answers1

0

widlfy 9 delete all authentication mechanism, then they add kerberos (spnego) in version 10 , available :

FORM, BASIC, EXTERNAL, and i have not test, DIGEST but i am not really sur, you can verify directly in undertow sources, there is some CERT or GSSAPI class but useless,

i manage to make it work with a custom librairie on the web :

wildfly (9) + kerberos + ldap (Active Directory)

there is an app sample to test you kerberos because you must have a valid Active directory configuration... tell me if you have ani problem... widlfy is not the panacee because there is no more valve system anymore and no authentication mechanism, if you want a new you have to create it, but not so easily...

my application is JSF application with ldap role verification behind a cluster and loadbalancer httpd (SSL or not same way of working)

Community
  • 1
  • 1
cyril
  • 872
  • 6
  • 29