A friendly place for programming greenhorns!
Big Moose Saloon
Register / Login
Kerberos credential delegation
Joined: Jan 10, 2012
Jun 17, 2013 10:37:52
I am currently trying to enable a spnego based SSO Application. As part of this I seek to get the delegated credentials.
How to verify that the credential I get after "GSSContext.acceptSecContext(gss, 0, gss.length);" is a delegated credential or not. "GSSContext.getCredDelegState()" is true.
My primary doubt is whether the server principal in the ticket should be "krbtgt/ABC.XYZ.COM@ABC.XYZ.COM" or should be the service "(HTTP/host.ABC.XYZ.com)" for which the ticket was delegated?``
I am using a linux based Kerberos server and linux hosts for this.
Is there any reference to what the delegated ticket should be like?
It is sorta covered in the
JavaRanch Style Guide
subject: Kerberos credential delegation
Need help with transparent single sign-on servlet filter
kerberos, java , AS400, winwdows 2000 newbie
apache-tomcat-6.0.16 - mod_auth_kerb
Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO
Java APIs for kerberos impersonation/constrained delegation
All times are in JavaRanch time: GMT-6 in summer, GMT-7 in winter
| Powered by
Copyright © 1998-2015