3.4.2. eXo Platform server configuration


As mentioned earlier, perform the eXo Platform configuration on Machine 2, where eXo Platform is running.

Installing eXo SPNEGO add-on

Go to $PLATFORM_HOME and install the SPNEGO add-on with the command: addon install exo-spnego.

Integrating SPNEGO with eXo Platform Tomcat

  1. Append this login module to the end of the $PLATFORM_TOMCAT_HOME/conf/jaas.conf file.

    spnego-server {
            com.sun.security.auth.module.Krb5LoginModule required


    On Windows, change the keytab path. For example, if the file is on the D drive, it should be: keyTab="D:/server.keytab".

  2. Configure SSO for eXo Platform by appending these settings to the $PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties file (see Configuration overview for this file).

    # SSO

  3. On Windows, rename $PLATFORM_TOMCAT_HOME/bin/setenv-customize.sample.bat to $PLATFORM_TOMCAT_HOME/bin/setenv-customize.bat, then add the following to the setenv-customize.bat file.

    SET "CATALINA_OPTS=%CATALINA_OPTS% -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=$ADMACHINE_NAME.example.com"


    $ADMACHINE_NAME is the name of the machine that has Active Directory installed.

  4. Start eXo Platform.

Integrating SPNEGO with eXo Platform JBoss

  1. Add the login module "spnego-server" as a child of the <security-domains> section of the $PLATFORM_JBOSS_HOME/standalone/configuration/standalone-exo.xml file.

    <security-domain name="spnego-server" cache-type="default">
        <authentication>
            <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
                <module-option name="storeKey" value="true"/>
                <module-option name="doNotPrompt" value="true"/>
                <module-option name="useKeyTab" value="true"/>
                <module-option name="keyTab" value="/etc/krb5.keytab"/>
                <module-option name="principal" value="HTTP/server.example.com@EXAMPLE.COM"/>
                <module-option name="useFirstPass" value="true"/>
                <module-option name="debug" value="true"/>
                <module-option name="isInitiator" value="false"/>
            </login-module>
        </authentication>
    </security-domain>


    On Windows, change the keytab path. For example, if the file is on the D drive, it should be: keyTab="D:/server.keytab".

  2. Uncomment the login module below in standalone-exo.xml, then change ${gatein.sso.login.module.enabled} and ${gatein.sso.login.module.class} to #{gatein.sso.login.module.enabled} and #{gatein.sso.login.module.class} respectively.

    <login-module code="org.gatein.sso.integration.SSODelegateLoginModule" flag="required">
            <module-option name="enabled" value="#{gatein.sso.login.module.enabled}"/>
            <module-option name="delegateClassName" value="#{gatein.sso.login.module.class}"/>
            <module-option name="portalContainerName" value="portal"/>
            <module-option name="realmName" value="gatein-domain"/>
            <module-option name="password-stacking" value="useFirstPass"/>
    </login-module>

  3. Configure SSO for eXo Platform by appending these settings to the $PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties file (see Configuration overview for this file).

    # SSO

  4. Start eXo Platform by using the command:

    • ./standalone.sh -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=server.example.com -b server.example.com (on Linux)

    • standalone.bat -Djava.security.krb5.realm=EXAMPLE.COM -Djava.security.krb5.kdc=$AD_MACHINE_NAME.example.com -b server.example.com (on Windows)


      $AD_MACHINE_NAME is the name of the machine that has Active Directory installed.
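
The following is an added example, not part of the eXo documentation: a Python check that the security-domain from step 1 and the start command from step 4 agree with each other before the server is started. The function name check_spnego and both sample strings are constructed here from the values shown above; the <authentication> wrapper and the closing tags in the sample are an assumption, added so the XML parses as a complete element.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: step 1's security-domain; wrapper and closing tags are assumed.
SAMPLE_DOMAIN = """<security-domain name="spnego-server" cache-type="default">
 <authentication>
  <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
   <module-option name="storeKey" value="true"/>
   <module-option name="doNotPrompt" value="true"/>
   <module-option name="useKeyTab" value="true"/>
   <module-option name="keyTab" value="/etc/krb5.keytab"/>
   <module-option name="principal" value="HTTP/server.example.com@EXAMPLE.COM"/>
   <module-option name="useFirstPass" value="true"/>
   <module-option name="debug" value="true"/>
   <module-option name="isInitiator" value="false"/>
  </login-module>
 </authentication>
</security-domain>"""
# Constructed sample: the Linux start command from step 4.
SAMPLE_CMD = ("./standalone.sh -Djava.security.krb5.realm=EXAMPLE.COM "
              "-Djava.security.krb5.kdc=server.example.com -b server.example.com")

def check_spnego(domain_xml, start_cmd):
    """Return a list of findings; an empty list means nothing to fix."""
    opts = {o.get("name"): o.get("value") for o in ET.fromstring(domain_xml).iter("module-option")}
    findings = []
    # A server-side acceptor reads its key from the keytab and never prompts.
    for name, want in (("useKeyTab", "true"), ("storeKey", "true"),
                       ("doNotPrompt", "true"), ("isInitiator", "false")):
        if opts.get(name) != want:
            findings.append(f"{name} should be {want}, found {opts.get(name)}")
    if not opts.get("keyTab"):
        findings.append("keyTab path is missing")
    flags = dict(re.findall(r"-D(java\.security\.krb5\.\w+)=(\S+)", start_cmd))
    if "java.security.krb5.kdc" not in flags:
        findings.append("start command does not set java.security.krb5.kdc")
    m = re.fullmatch(r"([^/@]+)/([^/@]+)@([^/@]+)", opts.get("principal") or "")
    if not m:
        findings.append("principal is not of the form service/host@REALM")
    else:
        service, _host, realm = m.groups()
        # Browsers ask for a ticket for HTTP/<host>, so other service classes fail.
        if service != "HTTP":
            findings.append(f"principal service is {service}, expected HTTP")
        # Realm names are case-sensitive; the JVM flag must match exactly.
        if flags.get("java.security.krb5.realm") != realm:
            findings.append("java.security.krb5.realm differs from principal realm")
    if opts.get("debug") == "true":
        findings.append("debug=true enables Krb5LoginModule debug output; turn off after setup")
    return findings
```

With the values shown on this page, the only finding is the debug=true setting.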

Next, move to the final step to configure the client (the browser you are using).

Copyright ©. All rights reserved. eXo Platform SAS