SSO Application setup (springboot-kerberos-sso)

The Spring Boot Kerberos SSO application provides APIs to generate an SSO token, which is required to establish secure connections with internal IBM i systems.

Prerequisites

Before building and running the application, ensure the following are installed on your system:

  • Java 17 or higher
  • Maven (apache-maven-3.9.2)
  • Docker (optional, for containerization/cloud deployment)
  • IntelliJ IDEA (optional, for local development and debugging)

Building and Running the Application

To build and run the SSO application, follow the steps below:

  1. Build: change into the application's root directory and run the command below.
    $ mvn clean package
  2. To run the project, use the following command.
    $ java -jar target/springboot-kerberos-sso-0.0.1-SNAPSHOT.jar

Docker build and containerization

If you need a containerized or cloud deployment of this application, follow the steps below:

  1. Build: change into the application's root directory and run the command below.
    $ mvn clean package
  2. To build a Docker image of the application, use the command below.
    $ docker build --tag=springboot-kerberos-sso:latest .
  3. To run a container from the image, use the command below.
    $ docker run -p8887:8083 springboot-kerberos-sso:latest

Custom properties or configuration

The application can be customized by modifying the application.properties file. Configuration can be passed in multiple ways:

springboot-kerberos-sso.zip, application.properties

  1. Using Command Line:
    $ java -jar target/springboot-kerberos-sso-0.0.1-SNAPSHOT.jar --spring.config.location=file:/path/to/your/application.properties 
  2. Using Environment Variables (on Windows cmd, use set instead of export):
    $ export SPRING_CONFIG_LOCATION=file:/path/to/your/application.properties
    $ java -jar target/springboot-kerberos-sso-0.0.1-SNAPSHOT.jar
  3. Docker Environment:
    1. Using Environment Variables:
      $ docker run -p8887:8083  -e SPRING_CONFIG_LOCATION=file:/path/to/your/application.properties -v /path/to/your/application.properties:/path/to/your/application.properties springboot-kerberos-sso:latest
    2. Using Volume Mounts:
      $ docker run -p8887:8083  -v /path/to/your/application.properties:/path/to/application.properties springboot-kerberos-sso:latest --spring.config.location=file:/path/to/application.properties

Note:
  1. System Time Synchronization
    • The IBM i system, SSO Application, and Microsoft Active Directory must be in the same time zone with synchronized clocks.
    • Even a 1–2 minute difference can result in authentication failures.

    Use the following IBM i commands to verify the system time settings:

    Check the Current System Time:
    WRKSYSVAL SYSVAL(QTIME)
    Check the Current System Time Zone:
    WRKSYSVAL SYSVAL(QTIMZON)
  2. Service principals (e.g., IBM i principals, LDAP principals for IBM i) must have the same passwords as their corresponding service principals in Active Directory.
  3. A keytab file must be created in Active Directory or within the domain where the SSO application will run.
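
The bind-mount commands and the keytab note above both depend on files being present on the host and protected from other users. The following POSIX shell pre-flight check is an added example, not part of the application or its documentation: it rejects a path that is missing, is a directory (which docker run -v creates on the host when the source path does not exist), is unreadable, or is accessible to other users. The function names, the "no access for others" policy and the keytab path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for files handed to the SSO application
# (application.properties, keytab) before `java -jar` or `docker run -v`.

# check_mount_file PATH
# Returns 0 = ok, 1 = missing, 2 = not a regular file, 3 = not readable,
# 4 = readable/writable/executable by "other" users (assumed policy).
check_mount_file() {
    p=$1
    [ -e "$p" ] || return 1
    # `docker run -v` creates a *directory* on the host when the source path
    # does not exist, so a leftover directory here means an earlier bad mount.
    [ -f "$p" ] || return 2
    [ -r "$p" ] || return 3
    # Portable mode check: characters 8-10 of `ls -l` are the "other" bits.
    other=$(ls -ld -- "$p" | head -n 1 | cut -c8-10)
    [ "$other" = "---" ] || return 4
    return 0
}

# preflight PATH...
# Reports every path and returns non-zero if any of them fails.
preflight() {
    failed=0
    for path in "$@"; do
        if check_mount_file "$path"; then status=0; else status=$?; fi
        case $status in
            0) echo "ok:           $path" ;;
            1) echo "missing:      $path" ;;
            2) echo "not a file:   $path" ;;
            3) echo "unreadable:   $path" ;;
            4) echo "world-access: $path (try: chmod o-rwx)" ;;
        esac
        [ "$status" -eq 0 ] || failed=1
    done
    return "$failed"
}

# Usage (paths are placeholders; the keytab location is hypothetical):
#   preflight /path/to/your/application.properties /path/to/your/sso.keytab
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```

Run it on the host before starting the JAR or the container; a "not a file" result usually means an earlier docker run left an empty directory at the mount source, which has to be removed before the real file is put in place.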