
My main goal is to have Kerberos authentication first and, if it fails, an Angular form page that sends a POST with username/password to /users/login.

I have configured it pretty much as follows in Spring and have already made a login/password authentication that sends back a JWT, with guards in the frontend. The frontend is served from the resources folder of Spring.

Kerberos does not seem to pop up/auto-login. Is there something specific to do?

Is creating a filter after the Kerberos login the right way to process the authentication in the frontend?

1 Answer


Because my Spnego configuration was using a SpnegoEntryPoint("/#/login") and/or Spring Security was using .formLogin().loginPage("/#/login").permitAll(), and since Spnego uses a forward and not a redirect, it couldn't find the page server-side and threw a 404 instead of a 401.

A 401 is what triggers a Kerberos authentication, coupled with the header WWW-Authorization: Negotiate. So since it threw a 404, it never initiated the Kerberos authentication.

Therefore, I changed both /#/login to /index.html (/ would probably work too).

Then, on the Angular side (in app.component.ts), I trigger an API call on a secured endpoint /connect, and my CustomAuthenticationSuccessHandler.java, registered with my filter, simply decorates the response with a JWT in the Authorization: Bearer header:

    // In the AuthenticationSuccessHandler: take the authenticated principal and
    // return a freshly generated JWT in the response's Authorization header.
    UserDetails authUser = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    httpServletResponse.addHeader(SecurityConstants.HEADER_STRING,
            SecurityConstants.TOKEN_PREFIX + TokenUtil.generateToken(authUser));

I then simply take the header, store it in LocalStorage, and redirect the user to the page.
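The whole arrangement the answer describes, as an added example that is not the poster's code: a Spring Security 5.x configuration using spring-security-kerberos, where the SpnegoEntryPoint answers an unauthenticated request with 401 plus the WWW-Authenticate: Negotiate header and forwards to a resource that really exists server-side (/index.html, not the client-side route /#/login), and where a success handler on the SPNEGO filter hands the Angular app a JWT in the Authorization header. The service principal, keytab path, JWT secret and TTL, the UserDetailsService, the jjwt 0.9 builder API and the existing /users/login endpoint are all assumptions.

```java
// Added example, not from the original post. Assumes spring-security-kerberos,
// Spring Security 5.x (WebSecurityConfigurerAdapter style) and jjwt 0.9.
import java.nio.charset.StandardCharsets;
import java.util.Date;
import org.springframework.context.annotation.Bean;
import org.springframework.core.io.FileSystemResource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;
import org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter;
import org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;

@EnableWebSecurity
public class SpnegoJwtSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumed values: the HTTP service principal and keytab of the host running
    // Spring, and a JWT signing secret that in practice comes from configuration.
    private static final String SERVICE_PRINCIPAL = "HTTP/app.example.com@EXAMPLE.COM";
    private static final String KEYTAB_PATH = "/etc/app/app.keytab";
    private static final byte[] JWT_SECRET = "change-me-load-from-config".getBytes(StandardCharsets.UTF_8);
    private static final long JWT_TTL_MS = 60L * 60L * 1000L;

    // Assumed to be the same UserDetailsService that backs the existing /users/login flow.
    private final UserDetailsService userDetailsService;

    public SpnegoJwtSecurityConfig(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .csrf().disable() // the API is stateless; Angular sends the JWT in a header
            .exceptionHandling()
                // Unauthenticated request: 401 + "WWW-Authenticate: Negotiate", then a
                // server-side FORWARD to /index.html. A forward to "/#/login" 404s because
                // the fragment never reaches the server and the target must exist.
                .authenticationEntryPoint(new SpnegoEntryPoint("/index.html"))
                .and()
            .authorizeRequests()
                .antMatchers("/", "/index.html", "/users/login").permitAll()
                .anyRequest().authenticated()  // includes /connect, which the Angular app calls first
                .and()
            // Fallback for clients with no Kerberos ticket: the Angular form POSTs to /users/login.
            .formLogin().loginPage("/index.html").permitAll()
                .and()
            .addFilterBefore(spnegoAuthenticationProcessingFilter(), BasicAuthenticationFilter.class);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) {
        auth.authenticationProvider(kerberosServiceAuthenticationProvider());
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    // Reads the "Authorization: Negotiate <token>" header the browser sends after the 401
    // and validates the service ticket against the keytab.
    @Bean
    public SpnegoAuthenticationProcessingFilter spnegoAuthenticationProcessingFilter() throws Exception {
        SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
        filter.setAuthenticationManager(authenticationManagerBean());
        filter.setSuccessHandler(jwtIssuingSuccessHandler());
        return filter;
    }

    @Bean
    public SunJaasKerberosTicketValidator ticketValidator() {
        SunJaasKerberosTicketValidator validator = new SunJaasKerberosTicketValidator();
        validator.setServicePrincipal(SERVICE_PRINCIPAL);
        validator.setKeyTabLocation(new FileSystemResource(KEYTAB_PATH));
        return validator;
    }

    @Bean
    public KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider() {
        KerberosServiceAuthenticationProvider provider = new KerberosServiceAuthenticationProvider();
        provider.setTicketValidator(ticketValidator());
        provider.setUserDetailsService(userDetailsService);
        return provider;
    }

    // Runs once the ticket is valid; the filter then continues the chain, so the
    // /connect response carries "Authorization: Bearer <jwt>" for Angular to store.
    @Bean
    public AuthenticationSuccessHandler jwtIssuingSuccessHandler() {
        return (request, response, authentication) -> {
            UserDetails user = (UserDetails) authentication.getPrincipal();
            String jwt = Jwts.builder()
                    .setSubject(user.getUsername())
                    .setIssuedAt(new Date())
                    .setExpiration(new Date(System.currentTimeMillis() + JWT_TTL_MS))
                    .signWith(SignatureAlgorithm.HS512, JWT_SECRET)
                    .compact();
            response.addHeader("Authorization", "Bearer " + jwt);
        };
    }
}
```

Two checks worth doing against this setup: confirm with the browser's network tab that the first request to /connect gets a 401 carrying WWW-Authenticate: Negotiate (a 404 or a 302 means the entry point or forward target is still wrong), and keep the JWT short-lived, since the answer's approach leaves it in LocalStorage where any script on the origin can read it.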