There are quite a lot of moving parts involved in using SPNEGO.
The following order is suggested:
- Ensure you have a working Kerberos environment.
- Configure an Apache server with mod_auth_kerb on the machine you are going to use Glassfish on.
- Test it with a browser to ensure that everything is working. See the Browser Configuration chapter. for more information.
- Follow the instructions in the Configuring A Glassfish Domain for SPNEGO chapter.
- Extend the net.java.spnego.SpnegoServerAuthModule to define how you will assign groups to the subject. See net.java.spnego.ExampleSpnegoServerAuthModule for an example.
- Package the spnego jar and commons-codec jar in your web app.
- Deploy and test with a browser.
