Java 真的 spnego.allow.unsecure.basic 真的 spnego.login.client.module com.sun.security.jgss.krb5.initiate spnego.krb5.conf krb5.ini spnego.login.conf jaas.conf spnego.login.server.module com.sun.security.jgss.krb5.accept spnego.prompt.ntlm 真的 spnego.logger.level 1. SpnegoHttpFilter /*

6） 在“C:\Program Files\Apache Software Foundation\Tomcat 8.5\webapps\ROOT”中创建一个JSP文件，其中包含以下内容：

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
    <head>
        <title>Hello SPNEGO Example</title>
    </head>
    <body>
        Hello <%= request.getRemoteUser() %> !
    </body>
</html> 

Hello SPNEGO示例
你好

7） 如果您遵循了此步骤，它应该可以工作，并且您将在请求时收到Windows用户的名称

---

希望有帮助。

向我们展示您已经尝试过的内容。可能的重复向我们展示您已经尝试过的内容。使用华夫饼干也可以复制SSO。我在几个网络应用程序中实现了它。看起来没有你做的那么复杂。华夫饼干也可以实现SSO。我在几个网络应用程序中实现了它。看起来不像你做的那么复杂。

ktpass -out C:\temp\test.keytab -princ HTTP/santi.mitrol.net@DEV-MITROL.LOCAL -mapUser santi.mitrol.net -mapOp set -pass MYPASS -crypto RC4-HMAC-NT -pType KRB5_NT_PRINCIPAL

<filter-name>SecurityFilter</filter-name>
<!--<filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>-->
<filter-class>net.mitrol.config.activedirectory.CustomFilter</filter-class>

<filter-name>SecurityFilter</filter-name>
<url-pattern>/*</url-pattern>

setspn -A HTTP/santi.dev-mitrol.net tomcat
setspn -A HTTP/santi.dev-mitrol.net.dev-mitrol.local tomcat

ktpass -princ HTTP/santi.dev-mitrol.net.dev-mitrol.local@DEV-MITROL.LOCAL -mapuser tomcat@DEV-MITROL.LOCAL -pass * -ptype KRB5_NT_PRINCIPAL -out test.keytab

[libdefaults]
default_realm = DEV-MITROL.LOCAL
default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
forwardable=true

[realms]
DEV-MITROL.LOCAL = {
kdc = AR-SRV-DC-007
}

[domain_realm]
dev-mitrol.local= DEV-MITROL.LOCAL
.dev-mitrol.local= DEV-MITROL.LOCAL

com.sun.security.jgss.krb5.initiate {
com.sun.security.auth.module.Krb5LoginModule required;
};

com.sun.security.jgss.krb5.accept {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
useKeyTab=true
keyTab="file:///C:/Program Files/Apache Software Foundation/Tomcat 8.5/conf/test.keytab"
principal="HTTP/santi.dev-mitrol.net.dev-mitrol.local";
};

<filter>
    <filter-name>SpnegoHttpFilter</filter-name>
    <filter-class>net.sourceforge.spnego.SpnegoHttpFilter</filter-class>
    <init-param>
        <param-name>spnego.allow.basic</param-name>
        <param-value>true</param-value>
    </init-param>

    <init-param>
        <param-name>spnego.allow.localhost</param-name>
        <param-value>true</param-value>
    </init-param>

    <init-param>
        <param-name>spnego.allow.unsecure.basic</param-name>
        <param-value>true</param-value>
    </init-param>

    <init-param>
        <param-name>spnego.login.client.module</param-name>
        <param-value>com.sun.security.jgss.krb5.initiate</param-value>
    </init-param>

    <init-param>
        <param-name>spnego.krb5.conf</param-name>
        <param-value>krb5.ini</param-value>
    </init-param>

    <init-param>
        <param-name>spnego.login.conf</param-name>
        <param-value>jaas.conf</param-value>
    </init-param>

    <init-param>
        <param-name>spnego.login.server.module</param-name>
        <param-value>com.sun.security.jgss.krb5.accept</param-value>
    </init-param>

    <init-param>
        <param-name>spnego.prompt.ntlm</param-name>
        <param-value>true</param-value>
    </init-param>

    <init-param>
        <param-name>spnego.logger.level</param-name>
        <param-value>1</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>SpnegoHttpFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
    <head>
        <title>Hello SPNEGO Example</title>
    </head>
    <body>
        Hello <%= request.getRemoteUser() %> !
    </body>
</html>