17.9. Configure SPNEGO Fall Back to Form Authentication

Procedure 17.2. SPNEGO security with fall back to form authentication

1. Set up SPNEGO

   Refer the procedure described in Section 17.8, “Configure Kerberos or Microsoft Active Directory Desktop SSO for Web Applications”

2. Modify web.xml

   Add a login-config element to your application and setup the login and error pages in web.xml:

   <login-config>
       <auth-method>SPNEGO</auth-method>
       <realm-name>SPNEGO</realm-name>
           <form-login-config>
               <form-login-page>/login.jsp</form-login-page>
               <form-error-page>/error.jsp</form-error-page>
           </form-login-config>
      </login-config>
   

3. Add web content

   Add references of login.html and error.html to web.xml. These files are added to web application archive to the place specified in form-login-config configuration. For more information refer Enable Form-based Authentication section in the Security Guide for JBoss EAP 6. A typical login.html looks like this:

   <html>
       <head>
           <title>Vault Form Authentication</title>
       </head>
       <body>
           <h1>Vault Login Page</h1>
           <p>   
           <form method="post" action="j_security_check">
           <table>
               <tr>
                   <td>Username</td><td>-</td>
                   <td><input type="text" name="j_username"></td>
               </tr>
               <tr>
                   <td>Password</td><td>-</td>
                   <td><input type="password" name="j_password"></td>
               </tr>
               <tr>
                   <td colspan="2"><input type="submit"></td>
               </tr>              
           </table>
           </form>
           </p> 
           <hr>
       </body>
   </html>