Forum Stats

  • 3,824,847 Users
  • 2,260,430 Discussions


Java Kerberos authentication using Active Directory User Principal Name

user10622254 Member Posts: 1
edited Dec 21, 2015 10:22AM in Kerberos & Java GSS (JGSS)

I'm trying to switch from Simple LDAP authentication to GSSAPI authentication.

I'm using Krb5LoginModule to perform the authentication when setting username to user's UPN which looks like [email protected] where suffix is not domain name.

Authentication fails as Krb5LoginModule assumes that the name format is [email protected]

Is there any option to pass the username which contains @ to the Krb5LoginModule so it will use the full user name without extracting realm from the username?

Using samAccountName works but I don't have user's samAccountName but UPN.

User logon to Windows works using UPN and the only difference I see in the network captures is that during Windows login name-type which is used is KRB5-NT-ENTERPRISE-PRINCIPAL and KerberosString includes full UPN name as opposite to KRB5-NT-PRINCIPAL and KerberosString with truncated UPN name sent by Java.

This discussion has been closed.