sspi

“The token supplied to the function is invalid” error when validating SPNEGO Response Token with SSPI

寵の児 提交于 2020-03-05 01:27:33
问题 We are reconfiguring a SPNEGO / Kerberos SSO application to use AES128 / AES256 instead of the the weak encryption ciphers DES and RC4. Some days ago I posted a preparatory question: Now we have a concrete error. The token supplied to the function is invalid. The components: The Kerberos “back-end” is Windows Active Directory The Application Server uses pure Java GSSAPI and runs on Windows Server. The client runs on Windows 10, and is written in Java. It has 2 SPNEGO / SSO implementations:

“The token supplied to the function is invalid” error when validating SPNEGO Response Token with SSPI

╄→гoц情女王★ 提交于 2020-03-05 01:26:09
问题 We are reconfiguring a SPNEGO / Kerberos SSO application to use AES128 / AES256 instead of the the weak encryption ciphers DES and RC4. Some days ago I posted a preparatory question: Now we have a concrete error. The token supplied to the function is invalid. The components: The Kerberos “back-end” is Windows Active Directory The Application Server uses pure Java GSSAPI and runs on Windows Server. The client runs on Windows 10, and is written in Java. It has 2 SPNEGO / SSO implementations:

How to specify accepted certificates for Client Authentication in .NET SslStream

╄→尐↘猪︶ㄣ 提交于 2020-01-21 12:59:51
问题 I am attempting to use the .Net System.Security.SslStream class to process the server side of a SSL/TLS stream with client authentication. To perform the handshake, I am using this code: SslStream sslStream = new SslStream(innerStream, false, RemoteCertificateValidation, LocalCertificateSelectionCallback); sslStream.AuthenticateAsServer(serverCertificate, true, SslProtocols.Default, false); Unfortunately, this results in the SslStream transmitting a CertificateRequest containing the

Is impersonation in Win32 per thread?

我的梦境 提交于 2020-01-14 18:54:29
问题 Is calling ImpersonateSecurityContext on the server impersonating the client on the calling thread or for the entire process. The documentation is a bit vague on the matter as it states that "The function creates an impersonation token and allows the thread or process to run with the impersonation context" . I assume that impersonation is only for the calling thread, anything else would be strange, but I want to be sure. 回答1: Per MSDN: Client Impersonation Impersonation is the ability of a

Running two Django Apps on Apache with mod_auth_sspi and mod_wsgi

寵の児 提交于 2019-12-24 13:42:32
问题 I've been running one Django app with Single Sign-On enabled by mod_auth_sspi using mod_wsgi. Apache/2.2.21 (Win32) mod_wsgi/3.3 Python/2.7.2 mod_auth_sspi/1.0.4 Problem is, that I can't add second Django app, which uses the same modules, because I want to use Single Sign-On too. If I add second app, Apache authenticates only the first requested app. The second one throws Error 500 - Internal server error. If I restart Apache and try to request second app at first, it works. But then when I

Looking for Platform SDK SSPI(Schannel) sample c++

ぐ巨炮叔叔 提交于 2019-12-23 17:27:16
问题 I want to see a microsoft sample that demonstrate using of SSPI with Schannel. As I see here there is a such sample, but I cannot succeed to find it :( Can anyone please help me to find it? Thanks in advance! 回答1: There are WebServer and WebClient examples in Windows® Server 2003 SP1 Platform SDK ISO Install under Microsoft Platform SDK\Samples\Security\SSPI\SSL . 来源: https://stackoverflow.com/questions/11330471/looking-for-platform-sdk-sspischannel-sample-c

Solution to avoid double-hop from client > web service > SQL Server

有些话、适合烂在心里 提交于 2019-12-19 09:02:38
问题 My project invoves a user connecting from client to web service, and then web service to SQL Server. The web services and SQL Server are on separate machines. Because of security requirements, we cannot used mixed mode in SQL Server, only Windows authentication. We are experiencing the "double-hop" issue between web service and SQL Server. We are using NTLM authentication and do not want to configure Kerberos because of the overhead and learning curve. We also don't want to have the web

How do people make Java SPNEGO client work in Windows?

喜你入骨 提交于 2019-12-18 11:15:16
问题 In order to do client-side HTTP SPNEGO authentication with Java on Windows you need to set the Windows Registry key allowtgtsessionkey. This is well documented. What I do not understand is how people get around this? Most corporate sites would never accept to change this registry key in Windows for the sake of a single piece of software. Also think about the hassle if this needs to be changed on every workstation in the organization. But that's just theory because I've so far been unable to

Exception on SslStream.AuthenticateAsClient (The message was badly formatted)

时间秒杀一切 提交于 2019-12-18 08:25:58
问题 I have got wierd problem going on. I am trying to connect to Apple server via TCP/SSL. I am using a Client certificate provided by Apple for push notifications. I installed the certificate on my server (Win2k3) in both Local Trusted Root certificates and Local Personal Certificates folder. Now I have a class library that deals with that connection, when i call this class library from a console application running from the server it works absolutely fine, but when i call that class library

Exception on SslStream.AuthenticateAsClient (The message was badly formatted)

我与影子孤独终老i 提交于 2019-12-18 08:25:46
问题 I have got wierd problem going on. I am trying to connect to Apple server via TCP/SSL. I am using a Client certificate provided by Apple for push notifications. I installed the certificate on my server (Win2k3) in both Local Trusted Root certificates and Local Personal Certificates folder. Now I have a class library that deals with that connection, when i call this class library from a console application running from the server it works absolutely fine, but when i call that class library