spnego

I'm using spnego ( http://spnego.sourceforge.net ) for kerberos authentication under JBoss. I need to decrypt kerberos ticket to access the authorization-data which will containt PAC data. The PAC data is needed to decide which roles are to be granted to user. How to access and decrypt kerberos ticket? I've searched net for examples, but without effort. These guys have a full PAC decoding implementation: http://jaaslounge.sourceforge.net/ You can use the token parser like this: HttpServletRequest request = (HttpServletRequest) req; String header = request.getHeader("Authorization"); byte[]

How do I configure SSO with the MS Windows logged-on user for a Play Framework web application? I would like to deploy a Play Framework Java web app in an enterprise environment in which the users expect the authentication to be performed behind the scenes using the MS Windows logged in user. It is important to be able to adapt the java web app behavior depending on who the user is. I understand this can be configured for JEE apps using Waffle or SPNEGO for example. However, how can I do this for a Play Framework 2.x application? Through packaging as a WAR using play2-war-plugin and deploying

I need my CLI PHP script to post some value to a SPNEGO authenticated site. $ch = curl_init(USERSPACE_MYSQL_SERVICES); curl_setopt_array($ch, [ CURLOPT_HTTPAUTH => ??, //Set to SPNEGO CURLOPT_POSTFIELDS => [...] ]); However SPNEGO is disabled for some reason: Extract from my phpinfo: curl cURL support => enabled cURL Information => 7.21.6 Age => 3 Features AsynchDNS => No Debug => No GSS-Negotiate => Yes IDN => Yes IPv6 => Yes Largefile => Yes NTLM => Yes SPNEGO => No <--------------- SSL => Yes SSPI => No krb4 => No libz => Yes CharConv => No Protocols => dict, file, ftp, ftps, gopher, http,

Over the last few days I have built a proof-of-concept demo using the GSS-API and SPNEGO . The aim is to give users single-sign-on access to services offered by our custom application server via Http RESTful web-services. A user holding a valid Kerberos Ticket Granting Ticket (TGT) can call the SPNEGO enabled web-service, the Client and Server will negotiate, the user will be authenticated (both by Kerberos and on application level), and will (on successful authentication) have a Service Ticket for my Service Principal in his Ticket Cache. This works well using CURL with the --negotiate flag

I would like to perform authentification with SPNEGO. I use: spring-core-3.1.0.RELEASE.jar spring-security-core-3.1.0.RELEASE.jar spring-security-kerberos-core-1.0.0.M2.jar package codec from spring core security 3.0.7 (https://jira.springsource.org/browse/SES-98) tomcat My Config file looks like the following. When I try to authentificate with the above libraries I got the following exception. Had someone the same problem and handled it? Config file (taken from spring security kerberos example): <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans"

I'm attempting to implement a simple Single Sign On scenario where some of the participating servers will be windows (IIS) boxes. It looks like SPNEGO is a reasonable path for this. Here's the scenario: User logs in to my SSO service using his username and password. I authenticate him using some mechanism. At some later time the user wants to access App A. The user's request for App A is intercepted by the SSO service. The SSO service uses SPNEGO to log the user in to App A: The SSO service hits the App A web page, gets a "WWW-Authenticate: Negotiate" response The SSO service generates a

We are having trouble getting Kerberos/AD authentication to work with a Spring webapp, and I believe the problem has to do with encryption types for the Kerberos tickets and the Active Directory domain functional level. The basic setup is: Tomcat 7 Java 1.6 (29) Windows Server 2008 R2 Spring 3.0 Spring Security Kerberos/Spnego extension M2 detailed here: http://blog.springsource.com/2009/09/28/spring-security-kerberos/ I have one environment where the Active Directory domain functional level is Windows Server 2003 and everything works fine, with clients authenticating as expected if they are