I have very limited knowledge of mod_auth_kerb or the SPNEGO protocol, yet we are looking to implement the approach below for gaining single sign-on access (against Microsoft AD with NT domain user authorization) to a number of applications that are deployed on our WebLogic (10.3.6) cluster (some of them are deployed on different domains) that runs on a Red Hat cluster. At the moment all requests are load-balanced through Apache HTTP Server via the mod_wl connector.

The idea is to have the Authentication Service and the ticket granting services installed over Apache for initial authorization (with the help of mod_auth_kerb or other auth_kerb modules for Windows authentication with krb5 keytab host configurations) and, upon authorization, direct/load-balance the requests to WebLogic-specific contexts with REMOTE_USER headers.

I was interested to check whether someone has a setup that works at production scale, and was wondering if they could share setup information after getting their Kerberos configuration for Apache working along with the Apache-WebLogic bridge.

Three exchanges are involved when the client initially accesses a server resource: the AS exchange (circles 1 and 2), the TGS exchange (circles 3 and 4) and finally a client/server exchange (request shown as circle 5).

Thanks in advance!
Rahul
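A sketch of the Apache side of the layout described in the question, added here as an example and not taken from the post or from any vendor documentation: mod_auth_kerb authenticates the browser with SPNEGO, and the authenticated name is passed to WebLogic through mod_wl in a request header. The host names, realm, keytab path, context path and the `X-Remote-User` header name are placeholders. It assumes mod_auth_kerb, mod_rewrite, mod_headers and mod_wl are already loaded, that mod_wl forwards the header as modified, and that WebLogic has been set up separately to map this header to a user.

```apache
# Constructed example: every host name, path and realm below is a placeholder.
<VirtualHost *:443>
    ServerName sso.example.com

    # Server-context rules run before authentication, so use the LA-U
    # look-ahead to read the user mod_auth_kerb will establish, and copy it
    # into the environment variable RU.
    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} (.+)
    RewriteRule .* - [E=RU:%1]

    <Location /app1>
        # SPNEGO/Kerberos only; no fallback to a password prompt.
        AuthType Kerberos
        AuthName "Kerberos Login"
        KrbMethodNegotiate On
        KrbMethodK5Passwd Off
        KrbAuthRealms EXAMPLE.COM
        KrbServiceName HTTP
        # Keytab holding the HTTP/sso.example.com@EXAMPLE.COM service key;
        # readable by the Apache user only.
        Krb5KeyTab /etc/httpd/conf/http.keytab
        Require valid-user

        # Drop any copy of the identity header sent by the client, then set
        # it from the authenticated user. Without the unset, a caller could
        # supply the header and be treated as that user downstream.
        RequestHeader unset X-Remote-User
        RequestHeader set X-Remote-User %{RU}e env=RU

        # Hand the request to the WebLogic cluster through mod_wl.
        SetHandler weblogic-handler
        WebLogicCluster wls1.example.com:7001,wls2.example.com:7001
    </Location>
</VirtualHost>
```

Because WebLogic trusts the header, its listen ports should accept connections only from the Apache hosts; anything that can reach WebLogic directly can set the header itself.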
