Using Kerberos as a SSO

We are currently looking into JAAS with SPNEGO negotiation for providing Kerberos SSO with Java, and with particular focus on Kerberos SSO with Tomcat. If the user has a Kerberos ticket, then he/she will be allowd to access the Java application without being prompted. However, if the user does not have a Kerberos ticket on their machine (for example, if they are logging in from home or if they are using a Mac), they will be prompted for their username/password.

We are investigating this technology with a view to deploying it to provide JAAS auto login to shibboleth 2.0. However, we are first researching whether we can technically use JAAS + SPNEGO. All research developments will be made available soon.

Back to News