Use of "removeRealmFromPrincipal" in "SPNEGOLoginModule" does not work.

Solution Verified - Updated -

Issue

  • Using the SPNEGOLoginModule to facilitate integrated windows authentication for a web application.
    • One of the options on this login module is removeRealmFromPrincipal which will remove the Kerberos realm from the principal. (jdoe@EXAMPLE.COM -> joe).
  • There are situations where the full kerberos principal name is returned as the principal instead of the desired principal name with the realm removed.
    • The SPNEGOLoginModule is being used in a chained login module fashion and a subsequent login module (AdvancedADLoginModule) assumes a principal will not be attached and fails.

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.1.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content