Java Kerberos authentication seems to work, still gets rejected

Question

I\'ve got a Java client app and a Java server app, and I\'m trying to authenticate to the server via Kerberos. The client basically uses http-components and SPNEGO to make a HTT

Answer 1

What library do you use on the server side? Did you enable debug flags to see what happens when the server processes the service ticket?

Answer 2

Your Kerberos configuration might be completely fine. The 401 messsage means that the authentication itself probably went fine. However, i suspect the webapp only allows users if they are assigned a Role. The SPNego mechanism does not assign such role out-of-the-box. You still need to configure a Realm that performs the mapping.

See also my question on the Tomcat users mailing list. https://mail-archives.apache.org/mod_mbox/tomcat-users/201210.mbox/%3C5075ECC6.8060501@christopherschultz.net%3E