On Wednesday, August 01, 2012 01:12:31 PM Josef Bajada wrote:
> Nice!
>
> Sergey, is it maybe possible to have getToken() (line 130 I think) split
> into 2 methods, with the second one taking the GSSCredential as a
> parameter and being protected rather than private? So the second
> getToken() wou
nd has to
> be secured together with the environment its running on using the normal
> security measures to protect any server carrying sensitive corporate data.
>
> Best regards,
>
> Josef
>
>
> -----Original Message-
> From: Christian Schneider [mailto:cschneider
Christian Schneider
Sent: 19 July 2012 21:54
To: users@cxf.apache.org
Subject: Re: Kerberos authentication using delegation from Principal Ticket
That sounds very interesting as it is a quite simple solution. It might have
some securtiy implications though. Still it might be interesting to describe
this
s email, the
company cannot accept responsibility for any loss or damage arising
from the use of this email or attachments.
-Original Message-
From: Christian Schneider [mailto:cschneider...@gmail.com] On Behalf
Of Christian Schneider
Sent: 19 July 2012 17:49
To: users@cxf.apac
l.com] On Behalf Of
Christian Schneider
Sent: 19 July 2012 21:54
To: users@cxf.apache.org
Subject: Re: Kerberos authentication using delegation from Principal Ticket
That sounds very interesting as it is a quite simple solution. It might have
some securtiy implications though. Still it mig
ny cannot
accept responsibility for any loss or damage arising from the use of this email
or attachments.
-Original Message-
From: Christian Schneider [mailto:cschneider...@gmail.com] On Behalf Of
Christian Schneider
Sent: 19 July 2012 17:49
To: users@cxf.apache.org
Subject: Re:
accept responsibility for any loss or damage arising from the use of this email
or attachments.
-Original Message-
From: Christian Schneider [mailto:cschneider...@gmail.com] On Behalf Of
Christian Schneider
Sent: 19 July 2012 17:49
To: users@cxf.apache.org
Subject: Re: Kerberos
I think an interceptor like you proposed might be the best solution long
term as it allows to keep the auth stuff out of the business code.
Christian
Am 19.07.2012 17:31, schrieb Sergey Beryozkin:
Hi Christian
On 19/07/12 06:53, Christian Schneider wrote:
I don´t think a static gssCredential
Hi Christian
On 19/07/12 06:53, Christian Schneider wrote:
I don´t think a static gssCredential in the spring config can help. The
credentials may be different on each call.
I thought Spring would be able to offer some per-request wrapper :-)
Instead I think we need to set the property on the
I don´t think a static gssCredential in the spring config can help. The
credentials may be different on each call.
Instead I think we need to set the property on the client just before
the call. This is how it would look in the wsdl_first example:
org.apache.cxf.endpoint.Client client
12 14:33
To: users@cxf.apache.org
Subject: Re: Kerberos authentication using delegation from Principal
Ticket
On 18/07/12 13:05, Sergey Beryozkin wrote:
Hi Christian, All
On 18/07/12 10:06, Christian Schneider wrote:
Hi Sergey and Josef,
in Kerberos there are two kinds of tickets. The Ticket Granting
Tic
?
Cheers,
Josef
-Original Message-
From: Sergey Beryozkin [mailto:sberyoz...@gmail.com]
Sent: 18 July 2012 18:17
To: users@cxf.apache.org
Subject: Re: Kerberos authentication using delegation from Principal Ticket
By the way, SpnegoAuthSupplier now checks for GSSCredential on the CXF
d client.
However this filter would be of interest only if CXF also acted as a
receiver of the original request
Cheers, Sergey
Josef
-Original Message-
From: Sergey Beryozkin [mailto:sberyoz...@gmail.com]
Sent: 18 July 2012 14:33
To: users@cxf.apache.org
Subject: Re: Kerberos a
utbound client.
However this filter would be of interest only if CXF also acted as a
receiver of the original request
Cheers, Sergey
Josef
-Original Message-
From: Sergey Beryozkin [mailto:sberyoz...@gmail.com]
Sent: 18 July 2012 14:33
To: users@cxf.apache.org
Subject: Re: Kerberos a
org
Subject: Re: Kerberos authentication using delegation from Principal Ticket
On 18/07/12 13:05, Sergey Beryozkin wrote:
> Hi Christian, All
> On 18/07/12 10:06, Christian Schneider wrote:
>> Hi Sergey and Josef,
>>
>> in Kerberos there are two kinds of tickets. The Ticket Granting
On 18/07/12 13:05, Sergey Beryozkin wrote:
Hi Christian, All
On 18/07/12 10:06, Christian Schneider wrote:
Hi Sergey and Josef,
in Kerberos there are two kinds of tickets. The Ticket Granting Ticket
(TGT) together with a session key is the one issued for the user after
he authenticates on his m
Hi Christian, All
On 18/07/12 10:06, Christian Schneider wrote:
Hi Sergey and Josef,
in Kerberos there are two kinds of tickets. The Ticket Granting Ticket
(TGT) together with a session key is the one issued for the user after
he authenticates on his machine. This ticket then allows to get a
Ser
Hi Sergey and Josef,
in Kerberos there are two kinds of tickets. The Ticket Granting Ticket
(TGT) together with a session key is the one issued for the user after
he authenticates on his machine. This ticket then allows to get a
Service Ticket (ST) for a certain server. This service ticket is
it at the base CXF level
Cheers, Sergey
Thanks a lot,
Josef
-Original Message-
From: Sergey Beryozkin [mailto:sberyoz...@gmail.com]
Sent: 18 July 2012 00:49
To: Josef Bajada
Cc: users@cxf.apache.org
Subject: Re: Kerberos authentication using delegation from Principal Ticket
Hi
On
Message-
From: Sergey Beryozkin [mailto:sberyoz...@gmail.com]
Sent: 18 July 2012 00:49
To: Josef Bajada
Cc: users@cxf.apache.org
Subject: Re: Kerberos authentication using delegation from Principal Ticket
Hi
On 17/07/12 23:41, Josef Bajada wrote:
> Hi Sergey,
>
> I was thinking along y
Josef
-Original Message-
From: Sergey Beryozkin [mailto:sberyoz...@gmail.com]
Sent: 18 July 2012 00:34
To: users@cxf.apache.org
Cc: Josef Bajada
Subject: Re: Kerberos authentication using delegation from Principal Ticket
Hi Josef, Oli
On 17/07/12 19:56, Josef Bajada wrote:
Hi,
I have a situ
rgey Beryozkin [mailto:sberyoz...@gmail.com]
Sent: 18 July 2012 00:34
To: users@cxf.apache.org
Cc: Josef Bajada
Subject: Re: Kerberos authentication using delegation from Principal Ticket
Hi Josef, Oli
On 17/07/12 19:56, Josef Bajada wrote:
> Hi,
>
> I have a situation where Single Sign On using Kerb
Hi Josef, Oli
On 17/07/12 19:56, Josef Bajada wrote:
Hi,
I have a situation where Single Sign On using Kerberos (with Microsoft AD) is
being used (Tomcat 7, SPNEGO, JNDIRealm).
All works fine and the user authenticates automatically with Tomcat and the
Principal for that user is obtained whi
egards,
Josef
-Original Message-
From: Oliver Wulff [mailto:owu...@talend.com]
Sent: 17 July 2012 23:04
To: users@cxf.apache.org
Subject: RE: Kerberos authentication using delegation from Principal Ticket
>>>
- Will the authentication handshake be the same from a browser point o
this was out of my control.
Thanks
Oli
--
Oliver Wulff
Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com
Talend Application Integration Division http://www.talend.com
________
From: Josef Bajada [josef.baj...@go.com.mt]
Sent: 17 July 2012 22:44
To
a way
to use STS to get a new Ticket for the container-provided Principal, but for
the remote web-service?
Thanks and regards,
Josef
-Original Message-
From: Oliver Wulff [mailto:owu...@talend.com]
Sent: 17 July 2012 22:04
To: users@cxf.apache.org
Subject: RE: Kerberos authentication
Hi Josef
I make quite a lof of experience with kerberos and the "delegate" mechanism of
it which turned out to be very tricky. Kerberos works fine within Microsoft as
administration is very easy. All resources (client, servers) are managed by an
AD domain/kerberos realm but it's much more diffi
27 matches
Mail list logo
