User Guide

To use this library you must run at least Java 1.6, and Apache Tomcat 6.0 only, because of ABI changes in version 7.0.

Make sure that (a) the machine running the Tomcat instance has joined a domain, (b) it has an appropriate SPN set, (c) it has Kerberos properly configured and (d) the JVM has all necessary system properties set.
The default ErrorReportValve in Tomcat cannot properly display the messages returned by the components in this module; you are therefore advised to use the net.sf.michaelo.tomcat.extras.valves.EnhancedErrorReportValve.

This site will guide you through the components of this library:

  1. Authenticators: an authenticator challenges a client to present the necessary authentication token to prove its identity.
  2. Realms: a realm looks up the roles and other data of a user in the Active Directory or any other user repository.

You will need both components configured properly to enjoy true SSO in your company network.

Before using this library, make sure that the main artifact and its dependencies are in the class path of your Tomcat instance, i.e., in $CATALINA_BASE/lib or $CATALINA_HOME/lib.

Sample Webapp

Have you configured all components and now need to verify your setup? Read the sample webapp setup.

Spring Security

This module can easily be integrated with Spring Security. Read here how!

Not using Active Directory but another Kerberos KDC implementation?

If you happen not to use Active Directory but MIT Kerberos or Heimdal as your KDC – no problem, the authenticators are not tied to the Active Directory but simply require a working Kerberos setup. As for the realm, read the chapter on alternative realm implementations.