IT. Expert System.

Java Standard Edition (SE)

Advanced JGSS Security Programming

Part III : Deploying for Single Sign-On in a Kerberos Environment

Exercise 6: Deploying for Single Sign-On

Goal of this exercise

The goal of this exercise is to learn how to configure a JAAS application that uses Kerberos for authentication to achieve single sign-on. Single sign-on means that the user needs only authenticate once to a system or a collection of services. After the initial authentication, the user can access other services in the system using the same identity as he used for the initial authentication.

Single sign-on can be used to describe different types of authentication. There are HTTP-based network single sign-on protocols. There is Kerberos-based single sign-on for network services. In this particular exercise, we show how to achieve single sign-on in Kerberos-based systems by showing how to import already-acquired Kerberos credentials from the underlying native operating system.

Background and Resources for this exercise

Single Sign-On Using Kerberos in Java

In addition, see the information provided in Exercise 2 and Exercise 4 for background information about Kerberos and Java GSS.

Steps to follow

  1. Edit the jaas-krb5.conf configuration file.

    This file contains two entries: one named client and one named server. Add the line useTicketCache=true to the client entry.

  2. Perform Kerberos login to the native operating system. To login to Kerberos, use kinit command as follows:

    % kinit test

    Provide a secure password.

  3. Run the client and server programs in Exercises 1 through 5 and you will note that the client applications no longer ask you to enter a password.


Android Reference

Java basics

Java Enterprise Edition (EE)

Java Standard Edition (SE)





Java Script








Design patterns

RFC (standard status)

RFC (proposed standard status)

RFC (draft standard status)

RFC (informational status)

RFC (experimental status)

RFC (best current practice status)

RFC (historic status)

RFC (unknown status)

IT dictionary

All information of this service is derived from the free sources and is provided solely in the form of quotations. This service provides information and interfaces solely for the familiarization (not ownership) and under the "as is" condition.
Copyright 2016 © ELTASK.COM. All rights reserved.
Site is optimized for mobile devices.
Downloads: 346 / 159178165. Delta: 0.03278 с