On Fri, Feb 25, 2011 at 1:53 PM, Prabath Siriwardana wrote:
>
>
> On Fri, Feb 25, 2011 at 1:39 PM, Amila Jayasekara wrote:
>
>> On Fri, Feb 25, 2011 at 12:37 PM, Prabath Siriwardana
>> wrote:
>> > In fact the client principal is available for the service end - that is
>> how
>> > we do XACML aut
On Fri, Feb 25, 2011 at 1:39 PM, Amila Jayasekara wrote:
> On Fri, Feb 25, 2011 at 12:37 PM, Prabath Siriwardana
> wrote:
> > In fact the client principal is available for the service end - that is
> how
> > we do XACML authorization based on the client principal..
>
> How are we extracting clie
On Fri, Feb 25, 2011 at 12:37 PM, Prabath Siriwardana wrote:
> In fact the client principal is available for the service end - that is how
> we do XACML authorization based on the client principal..
How are we extracting client principal name from the incoming
Kerberos token? Is it in the kerbe
In fact the client principal is available for the service end - that is how
we do XACML authorization based on the client principal..
Thanks & regards,
-Prabath
On Fri, Feb 25, 2011 at 12:30 PM, Amila Suriarachchi wrote:
>
>
> On Fri, Feb 25, 2011 at 12:27 PM, Prabath Siriwardana wrote:
>
>> Th
On Fri, Feb 25, 2011 at 12:27 PM, Prabath Siriwardana wrote:
> The client principal name is accessible via the MessageContext.. we need to
> populate CarbonContext..
What I learned from AmilaJ is that client principal name is not available if
we only use Kerberos.
Basically what Kerberos says is
The client principal name is accessible via the MessageContext.. we need to
populate CarbonContext..
Thanks & regards,
-Prabath
On Fri, Feb 25, 2011 at 12:20 PM, Amila Jayasekara wrote:
> On Fri, Feb 25, 2011 at 11:34 AM, Amila Suriarachchi
> wrote:
> > When a user authenticated using Kerberos
On Fri, Feb 25, 2011 at 11:34 AM, Amila Suriarachchi wrote:
> When a user authenticated using Kerberos, is the user name available to the
> server?
Hi Amila,
As far as I know the client only sends a Kerberos token. I am not sure
whether client principal name is in it. Thus as per now user name is
When a user authenticated using Kerberos, is the user name available to the
server?
If so, can the service get the user name with CarbonContext.getUserName()?
thanks,
Amila.
On Thu, Feb 24, 2011 at 11:36 PM, Amila Jayasekara wrote:
> Hi All,
> As some of you may know, there is a Kerberos KDC serv
Adding more info to what Prabath mentioned,
In the kerberos configuration (krb.conf) we can define the realms that
clients can access. In the case of apacheds for each tenant there will
be a separate partition created. In other sense for each tenant a
separate realm will be created. Thus when givin
On Fri, Feb 25, 2011 at 1:17 AM, Prabath Siriwardana wrote:
> Further we need to maintain trust stores on Tenant basis..
>
> There can be a case - Tenant-A trusts Service - A and needs to add
> Service-A's cert to the trust store - currently this is not possible - since
> we do not have the concep
Further we need to maintain trust stores on Tenant basis..
There can be a case - Tenant-A trusts Service - A and needs to add
Service-A's cert to the trust store - currently this is not possible - since
we do not have the concept of tenant based trust stores..
Thanks & regards,
-Prabath
On Fri,
Currently - the JGSS API reads these configuration files as system
properties.. So we would be able to setup a single KDC. We need to invest
some time on this to find out a way of doing this without system
properties..
Same issue exists there when a tenant - for example wants to talk to an
exte
So, my usual question, how does this work in a multitenant environment? How
are you going to provide tenant specific conf files?
Azeez
On Thu, Feb 24, 2011 at 11:36 PM, Amila Jayasekara wrote:
> Hi All,
> As some of you may know, there is a Kerberos KDC server with latest IS
> build. In-order t