[jira] [Commented] (CXF-3635) WS-Trust SPNego (WCF message level spnego)

Tue, 03 Jan 2012 07:53:25 -0800 

    [ 
https://issues.apache.org/jira/browse/CXF-3635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13178792#comment-13178792
 ] 

Tom Schneider commented on CXF-3635:
------------------------------------

The following also worked for me:
GSSName gssService = gssManager.createName(serviceName, GSSName.NT_USER_NAME);
which makes sense since I'm using an active directory username and password to 
authenticate with Kerberos.  I guess this has to be configurable since we can't 
assume an initial authentication mechanism.  Another option might be to allow a 
user to pass in their own SpnegoClientAction like I've currently doing with the 
NamePasswordCallback. (i.e. the ws-security.callback-handler property)  That 
would provide the most flexibility.

You're too late for the documentation, I already created an example for CRM 
2011 and added a link on the CXF wiki:
http://groovyjava-tom.blogspot.com/2012/01/cxf-and-ms-crm-2011.html

I'll try to put together a unit test for the working and non-working signature 
validation.
                
> WS-Trust SPNego (WCF message level spnego)
> ------------------------------------------
>
>                 Key: CXF-3635
>                 URL: https://issues.apache.org/jira/browse/CXF-3635
>             Project: CXF
>          Issue Type: New Feature
>          Components: WS-* Components
>    Affects Versions: 2.3.5
>            Reporter: Tom Schneider
>            Assignee: Colm O hEigeartaigh
>         Attachments: cxf-wstrust-spnego.zip
>
>
> We have spent time implementing SPNego over WS-Trust support for CXF and wish 
> to submit it for possible inclusion in CXF itself.  (Or at least as an 
> example for others to follow)  This was implemented so we could use the 
> webservice of MS CRM 2011 when configured for 'on-premise' security, although 
> I think WCF 4.0 uses this type of security by default if you explicitly 
> change it.  So I'm sure this functionality would be useful to others.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to