Authentication failing with SPNEGO with Struts on EAP 6

Solution In Progress - Updated -

Environment

  • Red Hat JBoss Enterprise Application Platform 6
  • SPNEGO authentication with
  • Struts based web presentation

Issue

  • Struts web application with SPNEGO authentication does not work and presents fallback FORM based authentication
  • JBoss is not sending Negotiate HTTP header to begin SPNEGO authentication with Struts based form-login-page

Resolution

Replace the JSP page with an HTML page for fallback authentication.

<login-config>
       ....
       <form-login-config>
               <form-login-page>/login.html</form-login-page> <!-- this page should not be rendered by Struts -->
               <form-error-page>/error.html</form-error-page>
       </form-login-config>

Root Cause

The SPNEGO valve (NegotiationAuthenticator) is setting HTTP headers which are cleared by Struts causing SPNEGO authentication to not be initiated.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.