Search



Recent Entries

Syndicate this site (XML)
Creative Commons License
This weblog is licensed under a Creative Commons License.
Powered by
Movable Type 3.17

« Ehcache Talk at JavaOne 2007 | Main | JPam - a bridge between JAAS and Unix PAM security »

April 11, 2007

Spnego for Glassfish - First working implementation achieved today

I am feeling a little excited right now.

Today we got an implementation of SPNEGO going for Glassfish. It will be refined over coming days, but it works. You can use Glassfish in a Kerberos Single Sign On environment. It works with Firefox, IE and Safari.

Some features/limitations at present:

* We use the new JMAC JSR196: Java Authentication Service Provider Interface for Containers. This means you need to use Glassfish V2 build 41 or later, which have working JMAC implementations.

* We rely on JGSS features found in Java 6. We hope to make some changes and support Java 5 as well.

* The current implementation has only a few dependencies on Glassfish. We hope to remove those to allow the Spnego module to work with any and all JMAC implementations.

* JMAC has limited interaction with JAAS. At the moment it is not possible to fall through to a JAAS module for authentication. Not sure if this is a problem or not in a SSO environment.

Over the next days and weeks I will be refining Spnego. It is likely that it will be included as a standard part of Glassfish V2 when it is released in August 2007.

See http://spnego.dev.java.net for the project.

Now would be a good time for anyone looking to port this code to another JMAC compliant app server to get involved.

Posted by gluck at April 11, 2007 06:58 PM

Comments

Congratulations! On behalf of other GlassFish users, thanks! - eduard/o

Posted by: Eduardo Pelegri-Llopart at April 12, 2007 12:25 AM