Hi all, we are running a .NET web service which uses Kerberos delegation to access a backend service on behalf of the client's security context.
We have no problem with .NET client applications or IE accessing the web service, but in case of a Java app acting as client, delegation fails. The Java app correctly requests a TGT from the Win 2003 Active Directory and then requests and gets a valid service ticket to access the .NET web service. After that, the web service does a programmatically impersonation before making a ADSI/LDAP bind to the AD. This impersonation fails in case of a Java application. Client: - Java 6 application on Windows Web Service: - IIS 6 - ASP.NET 2.0 Web Service Backend Service: - Windows Server 2003 Active Directory Domain Controller (LDAP) Did anyone implemented a similar environment and may help me to find a solution? I can post configuration files, log files and network traces. loki ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
