About SPNEGO/Kerberos Authenticator and Active Directory Realm for Apache Tomcat
A fully featured, first-class SPNEGO/Kerberos Authenticator and Active Directory Realm for the Apache Tomcat servlet container. It integrates your Java webapp into your Active Directory environment with ease and provides modules for Tomcat 8.5.x, 9.0.x, and 10.1.x.
Getting Started
Download the artifacts and read the user guide to get started. Make sure to read the release notes as well.
Origin of this Project
Working in a corporate environment leaves you virtually no option of not having real SSO for a (Java) webapp, especially when this works with Microsoft IIS with a few clicks. Unfortunately, the Apache Tomcat did not have anything like this out of the box for years.
After a deep dive into Kerberos, GSS-API, TLS, PKI, Active Directory and LDAP in Java, I made a custom components to fill that gap. Portions of this project have been integrated into Apache Tomcat 7 and onwards. Though, this project covers much more than an authenticator.
This library has served me very well for 10+ years and still does a great job in a complex multi-realm environment, hopefully it will do for you too.