3 Configuration - Reference Documentation
Authors: Burt Beckwith
Version: 1.0.0
3 Configuration
There are a few configuration options for the Kerberos plugin.The plugin uses the Spring Security Kerberos extension.All of these property overrides must be specified inThere are two required properties:grails-app/conf/Config.groovyusing thegrails.plugin.springsecuritysuffix, for examplegrails.plugin.springsecurity.kerberos.debug = true
| Name | Default | Meaning |
|---|---|---|
| kerberos.ticketValidator.servicePrincipal | none, required | the web application service principal, e.g. HTTP/www.example.com@EXAMPLE.COM |
| kerberos.ticketValidator.keyTabLocation | none, required | the URL to the location of the keytab file containing the service principal's credentials, e.g. file:///etc/http-web.keytab |
| Name | Default | Meaning |
|---|---|---|
| kerberos.active | true | set to false to disable the plugin |
| kerberos.client.debug | false | if true enables debug logs for the kerberos client bean |
| kerberos.configLocation | null | The location of the Kerberos config file (specify the path to the file, but omit "file://", e.g. "c:/krb5.conf"). Leave unset to use the default location (e.g. /etc/krb5.conf, c:winntkrb5.ini, /etc/krb5/krb5.conf) |
| kerberos.debug | false | if true enables debug logs for the kerberosConfig bean |
| kerberos.skipIfAlreadyAuthenticated | true | if true skip SpnegoAuthenticationProcessingFilter processing if already authenticated |
| kerberos.spnegoEntryPointForwardUrl | null | if set (e.g. '/login/auth') the EntryPoint will forward there in addition to setting the WWW-Authenticate header |
| kerberos.successHandler.headerName | 'WWW-Authenticate' | the name of the header to set following successful authentication |
| kerberos.successHandler.headerPrefix | 'Negotiate ' | the prefix for the encoded response token value |
| kerberos.ticketValidator.debug | false | if true enables debug logs for the ticketValidator bean |
| kerberos.ticketValidator.holdOnToGSSContext | false | if true, hold on to the GSS security context, otherwise call dispose() immediately |