cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marco Di Sabatino Di Diodoro <marco.disabat...@tirasa.net>
Subject CXF and kerberos authentication
Date Fri, 14 Mar 2014 16:53:57 GMT
Hi, 

I’m an PMC member of Apache Syncope[1].
We are building a new connector bundle for Connid[2] that needs to connect with FreeIpa server.

The connector bundle use JSON-RPC to communicate with the server that is protected by Kerberos.
We followed this guide (http://cxf.apache.org/docs/jaxrs-kerberos.html) but the connector
not negotiate with Kerberos

WebClient wc = WebClient.create("https://olmo.example.com/ipa/json");
WebClient.getConfig(wc).getHttpConduit().setTlsClientParameters(clientParameters());
AuthorizationPolicy policy = new AuthorizationPolicy();
policy.setAuthorizationType("Negotiate");
policy.setAuthorization(KEYTAB_CONF);
KerberosAuthOutInterceptor kbInterceptor = new KerberosAuthOutInterceptor();
kbInterceptor.setPolicy(policy);
kbInterceptor.setRealm(“EXAMPLE.COM");
kbInterceptor.setServicePrincipalName("ldap/olmo.example.com");
kbInterceptor.setCredDelegation(true);
WebClient.getConfig(wc).getOutInterceptors().add(kbInterceptor);

I try a lot of other configuration without success, have you any suggestion?

If we run with curl it works.

Regards
M

[1] http://syncope.apache.org/
[2] http://tirasa.github.io/ConnId/

-- 
Dott. Marco Di Sabatino Di Diodoro
Tel. +39 3939065570

Tirasa S.r.l.
Viale D'Annunzio 267 - 65127 Pescara
Tel +39 0859116307 / FAX +39 0859111173
http://www.tirasa.net

Apache Syncope PMC Member
http://people.apache.org/~mdisabatino/


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message