
How to get LoginContext object in Custom Authentication Handler?


Hi Experts,

I am writing a Custom Authentication Handler in AEM in order to achieve the SSO functionality with a Kerberos token. The code to decode the service token needs the LoginContext object. Below is the sample code:

    this.loginContext = new JaasLoginContext("jackrabbit.oak", handler);
    this.loginContext.login();

When I am trying to execute the above code, I am getting the error below:

javax.security.auth.login.LoginException: unable to find LoginModule class: org.apache.felix.jaas.boot.ProxyLoginModule
    at javax.security.auth.login.LoginContext.invoke(Unknown Source)
    at javax.security.auth.login.LoginContext.access$000(Unknown Source)
    at javax.security.auth.login.LoginContext$4.run(Unknown Source)

Can you guys help in understanding how to get the LoginContext object in a Custom Authentication Handler? Sample code would be really helpful.

4 Replies


I am checking to see if there are some examples within Adobe that can help you.


Thanks for the response, Samc. I tried various options, but my main goal is to achieve Kerberos authentication in AEM. IIS will do the authentication part and pass the Authorization header Negotiate service token to AEM. The login module which I am trying to write should decrypt the service token. I am stuck at getting the LoginContext object which talks to the KDC and authenticates the service account of the Windows server. Need pointers in achieving the same in AEM.

I tried implementing SSO in Tomcat using the SPNEGO module, which works fine. While running on Tomcat, the login module used to authenticate the user with the KDC is com.sun.security.auth.module.Krb5LoginModule.java. As this module is not registered in AEM, I tried to write a new JAAS login module, but I am not able to write the custom logic of authentication with the KDC. Need pointers in implementing the same.
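Added example, not from the thread or from Adobe: one way to get a LoginContext for the service account without a named JAAS realm is to pass an in-memory Configuration for the JDK's Krb5LoginModule, then validate the Negotiate token with JGSS under the resulting Subject. The class and method names, SPN and keytab path are placeholders, and it assumes the JDK's Krb5LoginModule class is loadable from the calling thread's context class loader inside the OSGi container.

```java
import java.security.PrivilegedExceptionAction;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.login.*;
import org.ietf.jgss.*;

public class SpnegoTokenValidator {
    // Constructed placeholders: substitute the service account's SPN and keytab path.
    static final String SPN = "HTTP/aem.example.com@EXAMPLE.COM";
    static final String KEYTAB = "/path/to/aem.keytab";

    /** Logs the service account in from its keytab using an in-memory JAAS configuration. */
    static Subject serviceLogin() throws LoginException {
        Map<String, String> opts = new HashMap<>();
        opts.put("useKeyTab", "true");
        opts.put("keyTab", KEYTAB);
        opts.put("principal", SPN);
        opts.put("storeKey", "true");      // keep the long-term key so tokens can be decrypted
        opts.put("isInitiator", "false");  // acceptor only: no TGT is requested from the KDC
        AppConfigurationEntry entry = new AppConfigurationEntry(
            "com.sun.security.auth.module.Krb5LoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts);
        Configuration cfg = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
        LoginContext lc = new LoginContext("spnego-server", null, null, cfg);
        lc.login();
        return lc.getSubject();
    }

    /** Validates an "Authorization: Negotiate <base64>" value; returns the client principal. */
    static String authenticate(Subject service, String header) throws Exception {
        if (header == null || !header.startsWith("Negotiate ")) throw new SecurityException("no SPNEGO token");
        byte[] token = Base64.getDecoder().decode(header.substring("Negotiate ".length()).trim());
        return Subject.doAs(service, (PrivilegedExceptionAction<String>) () -> {
            GSSManager mgr = GSSManager.getInstance();
            GSSCredential cred = mgr.createCredential(null, GSSCredential.INDEFINITE_LIFETIME,
                new Oid("1.3.6.1.5.5.2"), GSSCredential.ACCEPT_ONLY); // SPNEGO mechanism OID
            GSSContext ctx = mgr.createContext(cred);
            try {
                ctx.acceptSecContext(token, 0, token.length);
                // Trust the name only once the context is fully established.
                if (!ctx.isEstablished()) throw new SecurityException("multi-leg negotiation not handled");
                return ctx.getSrcName().toString();
            } finally { ctx.dispose(); }
        });
    }
}
```

Call `serviceLogin()` once at activation and reuse the Subject; any exception from `authenticate` should be treated as a failed login rather than falling through to another credential source.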


Hey Kish, any chance you ever got this working? We're looking at a similar option using Kerberos. If you did... Do you have a sample/example?