A fully featured, first-class SPNEGO/Kerberos Authenticator and Active Directory Realm for the Apache Tomcat servlet container. It integrates your Java webapp in your Active Directory environment with ease.
Working in a corporate environment leaves you virtually no option of not having real SSO for a (Java) webapp, especially when this works with Microsoft IIS with a few clicks. Unfortunately, the Apache Tomcat did not have anything like this out of the box for years.
After a deep dive into Kerberos, GSS-API, Active Directory and LDAP in Java, I made a custom component to fill that gap. Portions of this project have been integrated into Apache Tomcat 7 and onwards. Though, this project covers much more than an authenticator.
This library has served me very well for many years and still does a great job in a complex multi-realm environment, hopefully it will do for you too.