Is it possible to authenticate web services (
SOAP) using Kerberos tickets (obtained by authentication versus Active Directory) with popular OSS
Java application servers (in my case primarily
JBoss)? I would like to obtain interoperability between Microsoft and Java based web services on our LAN/WAN. We have no need for signing or encryption on the LAN/WAN (but passwords is not allowed to be sent in plain text). I would like to avoid SSL encrypting everything just to not send the password in plain text. Kerberos would work nicely with our MS services and is as I understand it a compact token (compared to for instance more interoperable alternatives like SAML).
If it is possible how would I go about it (do I need some additional components/products etc, how can I find info about how to configure JBoss)?
I have tried "googling" it but most of the info I find has to do with WEB APPLICATION authentication and not WEB SERVICE...
All suggestions are appreciated!