[jira] [Commented] (CXF-3635) WS-Trust SPNego (WCF message level spnego)

Sun, 01 Jan 2012 09:11:56 -0800 

    [ 
https://issues.apache.org/jira/browse/CXF-3635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13178194#comment-13178194
 ] 

Tom Schneider commented on CXF-3635:
------------------------------------

Everything worked great except for one minor change:

In SpnegoClientAction.java, I had to change:
GSSName gssService = gssManager.createName(serviceName, 
GSSName.NT_HOSTBASED_SERVICE);
To:
GSSName gssService = gssManager.createName(serviceName, null);

Without this change, I wasn't getting a kerberos ticket back.

One other issue I had was that the signature verification is failing when the 
SOAP response from the server is a fault.  (For example, if I ask for a contact 
id that doesn't exist)  We worked around this issue in our code by ignoring 
signature validation failures.  Not sure if this is a CXF or a WCF issue...  I 
can provide more details if needed.

I also think some good documentation around this would be good.  It took me 
quite a while to figure out how to configure this, even with the help of your 
unit tests.  I'd like to put something together before I forget everything. :)
                
> WS-Trust SPNego (WCF message level spnego)
> ------------------------------------------
>
>                 Key: CXF-3635
>                 URL: https://issues.apache.org/jira/browse/CXF-3635
>             Project: CXF
>          Issue Type: New Feature
>          Components: WS-* Components
>    Affects Versions: 2.3.5
>            Reporter: Tom Schneider
>            Assignee: Colm O hEigeartaigh
>         Attachments: cxf-wstrust-spnego.zip
>
>
> We have spent time implementing SPNego over WS-Trust support for CXF and wish 
> to submit it for possible inclusion in CXF itself.  (Or at least as an 
> example for others to follow)  This was implemented so we could use the 
> webservice of MS CRM 2011 when configured for 'on-premise' security, although 
> I think WCF 4.0 uses this type of security by default if you explicitly 
> change it.  So I'm sure this functionality would be useful to others.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to