File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Kerberos credential delegation Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Kerberos credential delegation" Watch "Kerberos credential delegation" New topic

Kerberos credential delegation

manto kumar

Joined: Jan 10, 2012
Posts: 10
I am currently trying to enable a spnego based SSO Application. As part of this I seek to get the delegated credentials.

How to verify that the credential I get after "GSSContext.acceptSecContext(gss, 0, gss.length);" is a delegated credential or not. "GSSContext.getCredDelegState()" is true.

My primary doubt is whether the server principal in the ticket should be "krbtgt/ABC.XYZ.COM@ABC.XYZ.COM" or should be the service "(HTTP/" for which the ticket was delegated?``

Please see image attached.

I am using a linux based Kerberos server and linux hosts for this.

Is there any reference to what the delegated ticket should be like?

[Thumbnail for DelegTkt.jpg]

It is sorta covered in the JavaRanch Style Guide.
subject: Kerberos credential delegation
Similar Threads
apache-tomcat-6.0.16 - mod_auth_kerb
Need help with transparent single sign-on servlet filter
kerberos, java , AS400, winwdows 2000 newbie
Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO
Java APIs for kerberos impersonation/constrained delegation