Chapter 8. Negotiation Toolkit
The Negotiation Toolkit is a web application for testing of the SPNEGO configuration so you do not need to test your configuration with your application. The
jboss-negotiation-toolkit.war
file is available at https://repository.jboss.org/nexus/content/groups/public/org/jboss/security/jboss-negotiation-toolkit/2.0.3.SP1/jboss-negotiation-toolkit-2.0.3.SP1.war. Copy the file to the $JBOSSHOME/server/$PROFILE/deploy
directory to have the Negotiation Toolkit deployed.
The toolkit assumes that the authenticator has the name
SPNEGO
and that the application security domain is named SPNEGO
. If either of these have other names, deploy the web application as an exploded archive and modify web.xml
and jboss-web.xml
:
- In the
WEB-INF/web.xml
file, update the authenticator key inauth-method
(<auth-method>SPNEGO</auth-method>
. - In the
WEB-INF/jboss-web.xml
file, update the name of the security domain insecurity-domain
(<security-domain>SPNEGO</security-domain>
.
Once deployed, access the Negotiation Toolkit web application at http://testserver.kerberos.jboss.org:8080/jboss-negotiation-toolkit
Note
Make sure you have set the DNS entry as described in Prerequisite: DNS Setting in Section 2.3, “Defining Application Security Domain”.
8.1. Front Page
The main page for the Negotiation Toolkit contains links to the toolkit utilities, which test the mechanisms of SPNEGO authentication. It is recommended that you follow the links from top to bottom.
Figure 8.1. Negotiation Toolkit Front Page
Note
Make sure you have completed the installation before you use the Negotiation Toolkit as the toolkit tests involve communication with the application server, web browser, and the KDC.