Authentication failing with SPNEGO with Struts on EAP 6
Environment
- Red Hat JBoss Enterprise Application Platform 6
- SPNEGO authentication with
- Struts based web presentation
Issue
- Struts web application with SPNEGO authentication does not work and presents fallback FORM based authentication
- JBoss is not sending Negotiate HTTP header to begin SPNEGO authentication with Struts based form-login-page
Resolution
Replace the JSP page with an HTML page for fallback authentication.
<login-config>
....
<form-login-config>
<form-login-page>/login.html</form-login-page> <!-- this page should not be rendered by Struts -->
<form-error-page>/error.html</form-error-page>
</form-login-config>
Root Cause
The SPNEGO valve (NegotiationAuthenticator) is setting HTTP headers which are cleared by Struts causing SPNEGO authentication to not be initiated.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
