Content Platform Engine, Version 5.2.1       Application server:  JBOSS Application Server    

Enabling Kerberos on the application server (JBoss)

To enable Kerberos under JBoss 4.x or 5.x, you must set up a special Engine Kerberos Service Authentication Provider.

About this task

To set up the special Engine Kerberos Service Authentication Provider:

Procedure

  1. Copy the Engine-authn.jar to the following location:
    Option Description
    Windows %JBOSS_HOME%\server\default\lib
    UNIX ${JBOSS_HOME}/server/default/lib

    This JAR file can be found in the install_path\FileNet\ContentEngine\Kerberos directory. If Configuration Manager is used, it might have already copied the jar file to the directory.

  2. Edit the %JBOSS_HOME%\server\default\config\login-config.xml file (or ${JBOSS_HOME}/server/default/config/login-config.xml on UNIX/Linux) by adding the following lines right before the LdapExtLoginModule or LdapLoginModule line in the FileNet stanza. Also change the flag of the LdapExtLoginModule / LdapLoginModule line from required to sufficient if necessary.
    <!-- Kerberos login module -->
    <login-module code=
    "com.filenet.engine.authentication.kerberos.login.KrbServiceLoginModule"
    flag="sufficient">
    <module-option name =
    "debug">true</module-option>
    </login-module>
  3. Edit the login-config.xml file again and add the following stanza after the last of the other <application-policy> entries:
    <application-policy
    name="FileNetP8KerberosService"><authentication><login-module
    code="com.filenet.api.authentication.jboss.login.FnClientLoginModule"
    flag="required"></login-module></authentication></application-policy>


Last updated: March 2016
p8psn031.htm

© Copyright IBM Corporation 2016.