I have very limited knowledge of mod_auth_kerb or the SPNEGO protocol, yet we are looking to implement the approach below for gaining single sign-on access (against Microsoft AD, with NT domain user authorization) to a number of applications that are deployed on our WebLogic (10.3.6) cluster (some of them are deployed on different domains) that runs on a Red Hat cluster. At the moment, all requests are load-balanced through Apache HTTP Server via the mod_wl connector.
The idea is to have the Authentication Service and the ticket granting services installed over Apache for initial authorization (with the help of mod_auth_kerb or other auth_kerb modules for Windows authentication, using krb5 keytab host configurations) and, upon authorization, direct/load-balance the requests to WebLogic-specific contexts with REMOTE_USER headers.
I was interested to check whether someone has a setup that works at production scale, and was wondering if they can share setup information after getting their Kerberos configuration for Apache working along with the Apache-WebLogic bridge.
Thanks in advance!
Rahul