J2EE
Engine Configuration for Kerberos
Purpose
The functions of the J2EE Engine in the Kerberos authentication process are several fold. The J2EE Engine returns a response to the Web client, preconfigured for Kerberos that identifies the J2EE Engine as a member of a Kerberos Realm. Upon receiving the SPNego wrapped Kerberos Client/Server Session Ticket from the Web client, the J2EE Engine must authenticate the client’s request, using the SPNegoLoginModule and the JDK Kerberos implementation.
Therefore, to use the J2EE Engine with Kerberos authentication you have to configure the UME, the SPNegoLoginModule and the J2EE Engine itself.
Implementation Considerations
The JDK of the J2EE Engine carries out the Kerberos implementation. Therefore, the actual configuration of the J2EE Engine depends on the JDK that you use.
Integration
For more information about configuring the J2EE Engine and its components, see the following topics:
· Overview of SPNegoLoginModule
Overview of the JAAS login module for the Simple and Protected GSS API Negotiation Mechanism (SPNego), including its configuration properties.
· Importing Kerberos Configuration Files to J2EE Engine Host
Overview of the steps to import the J2EE Engine keytab file from the KDC and to create a Kerberos configuration file on the J2EE Engine.
· Setting J2EE Engine Properties
Information about setting optional and required parameters on the J2EE Engine.
· UME configuration for Kerberos Authentication
The J2EE Engine uses the UMEto resolve and populate the user account, corresponding to the Web client authenticated with Kerberos. In this topic, you can find information about modifications to the UME configuration files for different modes of user resolution. In addition, you can find information about configuring different user store types for Kerberos authentication.
· Configuring Login Module Stacks for Using SPNego
Information about adding the SPNegoLoginModule to a J2EE Engine login module stack, with or without a fallback authentication mechanism.