User Guide

To make use of this library you must run any of these:

Tomcat 8.5.x and Java 7 (use artifact tomcat85-authnz-spnego-ad)
Tomcat 9.0.x and Java 8 (use artifact tomcat90-authnz-spnego-ad)
Tomcat 10.1.x and Java 11 (use artifact tomcat101-authnz-spnego-ad)

They are all identical function-wise and documentation as well as linked Javadoc apply to all of them, unless stated otherwise.

Prerequisites: Make sure that the machine running the Tomcat instance (a) has joined a domain, (b) has an appropriate SPN set, (c) has Kerberos properly configured and (d) the JVM has all necessary system properties set.

This site will guide you through the components of this library:

Authenticators: an authenticator challenges a client to present the necessary authentication token to prove its identity.
Realms: a realm looks up the roles and other data of a user in Active Directory or any other user repository.

Your will need both components configured properly to enjoy true SSO in your company network.

Before using this library, make sure that the main artifact and its dependencies (if not shaded) are in the class path of your Tomcat instance, i.e., in $CATALINA_BASE/lib or $CATALINA_HOME/lib.

Sample Webapp

Finally configured all components, now need to verify your setup? Read the sample webapp setup.

Spring Security

Integrating this module within Spring Security can easily be done. Read here how!

Not using Active Directory but another Kerberos KDC implementation?

If you happen not to use Active Directory, but MIT Kerberos or Heimdal as your KDC – no problem, the authenticators are not tied to Active Directory, but simply require a working Kerberos setup. As for the realm, read the section on alternative realm implementations.