cxf-users mailing list archives

From sinma <sinma.ba...@gmail.com>
Subject Re: CXF, WSS4J, Kerberos using Microsoft AD as KDC
Date Sat, 23 Nov 2013 00:32:59 GMT
Hi,
No. Would it be possible to share setup steps?

Best Regards,
Sinma


On Mon, Nov 18, 2013 at 3:14 PM, Oliver Wulff-2 [via CXF] <
ml-node+s547215n5736504h8@n5.nabble.com> wrote:

> I've got Kerberos with CXF/WSS4J and STS for Microsoft AD running in a
> customer environment.
>
> Were you successful?
>
> Thanks
> Oli
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division http://www.talend.com
>
> ________________________________________
> From: Andrei Shakirin [hidden email]
> Sent: 07 October 2013 09:18
> To: [hidden email]
> Cc: [hidden email]
> Subject: RE: CXF, WSS4J, Kerberos using Microsoft AD as KDC
>
> Hi,
>
> I never tried that under AD, not sure if Colm has some experience.
> JDK provides JAAS Login module for Windows as well
> (com.sun.security.auth.module.Krb5LoginModule), therefore I thought that it
> should work.
>
> I would suggest starting from a very simple case, not involving CXF at all
> in the first step:
>
> jaas.conf:
> alice {
>     com.sun.security.auth.module.Krb5LoginModule required
>     debug=true
>     useTicketCache=true;
> };
>
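> import java.io.IOException;
> import java.net.URL;
> import java.security.Principal;
> import java.util.Set;
> import javax.security.auth.Subject;
> import javax.security.auth.callback.Callback;
> import javax.security.auth.callback.CallbackHandler;
> import javax.security.auth.callback.NameCallback;
> import javax.security.auth.callback.PasswordCallback;
> import javax.security.auth.callback.UnsupportedCallbackException;
> import javax.security.auth.login.LoginContext;
> import javax.security.auth.login.LoginException;
>
> public class JaasLoginTest {
>
>     public static void main(String[] argv) {
>         // Point JAAS at the jaas.conf found on the classpath
>         URL conf = JaasLoginTest.class.getClassLoader().getResource("jaas.conf");
>         System.setProperty("java.security.auth.login.config", conf.toString());
>
>         // Only needed when not using the ticket cache
>         CallbackHandler callbackHandler = new CallbackHandler() {
>
>             @Override
>             public void handle(Callback[] callbacks)
>                     throws IOException, UnsupportedCallbackException {
>                 for (Callback callback : callbacks) {
>                     if (callback instanceof NameCallback) {
>                         ((NameCallback) callback).setName("alice");
>                     }
>                     if (callback instanceof PasswordCallback) {
>                         ((PasswordCallback) callback).setPassword("clarinet".toCharArray());
>                     }
>                 }
>             }
>         };
>
>         try {
>             // "alice" is the entry name in jaas.conf
>             LoginContext lc = new LoginContext("alice", callbackHandler);
>             lc.login();
>             Subject subject = lc.getSubject();
>             Set<Principal> principals = subject.getPrincipals();
>             Set<Object> credentials = subject.getPrivateCredentials();
>             System.out.println("OK: " + principals);
>             System.out.println("OK: " + credentials);
>         } catch (LoginException e) {
>             e.printStackTrace();
>         }
>     }
> }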
>
> The code tries a Kerberos logon with user alice and password clarinet.
> After you get it working, you can try further steps with CXF.
>
> Regards,
> Andrei.
>
> > -----Original Message-----
> > From: sinma [mailto:[hidden email]]
> > Sent: Samstag, 5. Oktober 2013 13:09
> > To: [hidden email]
> > Subject: RE: CXF, WSS4J, Kerberos using Microsoft AD as KDC
> >
> > Hi Andrei, Thanks for reply. Kerberos setup is native in Microsoft. The way
> > they are setting service principal in AD is not the same as MIT Krb5 that Colm
> > laid out in his blog - I personally believe MIT way is pretty straightforward
> > and clear. So steps in Colm's blog are not enough to get it working with
> > Microsoft AD as KDC. On top Microsoft adding their own PAC part to the
> > ticket which it seems adding issues to ticket validation - am not sure about it
> > yet. There must be couple tricks and tweaks in spn setup; I'm still digging in
> > and will share if I can find it. I was just checking and hoping somebody tried
> > MS Krb5 implementation and have it working with WSS4J/CXF. It seems the
> > answer is no, at least in CXF community. Regards, Sin
> >
>
>
>
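
A next step after the JAAS login test quoted above, as an added example that is not code from the thread or from CXF/WSS4J: it reuses the "alice" JAAS entry and asks the KDC for a service ticket through the JDK's GSS-API, which shows whether the SPN registered in AD resolves before CXF is involved. The class name and the default SPN are placeholders; run it with -Djava.security.auth.login.config pointing at jaas.conf and a valid TGT in the ticket cache.

```java
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

// Added example (hypothetical class name), not part of the original thread.
public class ServiceTicketTest {

    // Standard OIDs: Kerberos V5 mechanism and Kerberos V5 principal name type
    private static final String KRB5_MECH = "1.2.840.113554.1.2.2";
    private static final String KRB5_PRINCIPAL_NAME = "1.2.840.113554.1.2.2.1";

    public static void main(String[] args) throws Exception {
        // Placeholder SPN; pass the one registered for the service account in AD
        String spn = args.length > 0 ? args[0] : "HTTP/service.example.com@EXAMPLE.COM";

        // Same "alice" entry as in jaas.conf; with useTicketCache=true and a TGT
        // in the cache, no callback handler is needed.
        LoginContext lc = new LoginContext("alice");
        lc.login();

        // Run the GSS calls as the logged-in Subject so its TGT is used
        byte[] token = Subject.doAs(lc.getSubject(),
                (PrivilegedExceptionAction<byte[]>) () -> {
                    GSSManager manager = GSSManager.getInstance();
                    GSSName service = manager.createName(spn, new Oid(KRB5_PRINCIPAL_NAME));
                    GSSContext ctx = manager.createContext(
                            service, new Oid(KRB5_MECH), null, GSSContext.DEFAULT_LIFETIME);
                    try {
                        // The first call makes the JDK request a service ticket
                        // from the KDC and wrap it in an AP-REQ token.
                        return ctx.initSecContext(new byte[0], 0, 0);
                    } finally {
                        ctx.dispose();
                    }
                });

        System.out.println("Service ticket obtained for " + spn
                + " (" + token.length + " byte token)");
        lc.logout();
    }
}
```

A GSSException at initSecContext means the login succeeded but the KDC did not issue a ticket for that SPN, which narrows the problem to the service principal registration rather than the client login.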



