Use of "removeRealmFromPrincipal" in "SPNEGOLoginModule" does not work.

Solution Verified - Updated -

Issue

  • Using the SPNEGOLoginModule to facilitate integrated windows authentication for a web application.
    • One of the options on this login module is removeRealmFromPrincipal which will remove the Kerberos realm from the principal. (jdoe@EXAMPLE.COM -> joe).
  • There are situations where the full kerberos principal name is returned as the principal instead of the desired principal name with the realm removed.
    • The SPNEGOLoginModule is being used in a chained login module fashion and a subsequent login module (AdvancedADLoginModule) assumes a principal will not be attached and fails.

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.1.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.