Hi,

I am trying to implement windows authentication in play-framework project, I found this https://github.com/SlyngDK/play-module-ad-sso your project, as per document it supports kerberos SSO, which actually I required

I tried the sample project given , but I got error

got : Negotiate after than I got above error
(Mechanism level: Invalid SPNEGO NegTokenTarg token : SPNEGO NegoTokenTarg : did not have the right token type) "

how to get request kerberos ticket i, based on authorization header?
I had checked securedAction class get this Authorization header, but on browser application of sample project I dint get any authorization header.

I want to understand how this actually work, what is the flow based on client -server configuration, what all things to configure ,

Thanks

Hi
You have to setup two machines one Windows Server running Active Directory with working dns, and a client join to this domain. Then you have to create a keytab, for the dns name of you play. Setup sample project to use this keytab. You have to add address of the play, to intra zone in IE. You can also try to test, with Chrome or Firefox.

The flow:

1. Client request page requiring security.
2. Server response with 401, and authorization header.
3. Client send ticket info received from kdc(Active Directory)
4. Server checking data, and if negotiation not finish it will repeat step 2 with additional data.
5. Negotiation finishing and the server get the username of the user.

Just to mention I have not running this in production only testing pupose, and to better understand Kerberos.