directory-kerby mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: JWT pre-authentication - get JWT token on service side
Date Thu, 16 Jun 2016 11:18:34 GMT
Thanks Kai. A few questions below.

On Thu, Jun 16, 2016 at 11:33 AM, Zheng, Kai <kai.zheng@intel.com> wrote:

>
> 1. For issuing service ticket, the token used to do the authentication or
> a token derivation was put into the issued service ticket as authorization
> data. I'm not sure in current Kerby impl, it has done this or not. If not,
> it should be not difficult to support it, considering we have some Kerby
> authorization support now.
>

I can take a look at this. Can you give me some pointers in the code so
that I know where to start?


>
> 2. In application server side, it should be able to query and extract out
> the token encapsulated in the authorization data field in the service
> ticket. This should be doable now, because a proposal from me quite some
> ago had already been accepted by Oracle Java, as recorded in the following
> ticket, though I hadn't got the chance to verify it using latest JDK update
> like JDK8.
>
> JDK-8044085, our extension proposal accepted and committed: allowing
> querying authorization data field of service ticket.
> https://bugs.openjdk.java.net/browse/JDK-8044085


The JDK service ticket only refers to SASL. If I'm just using GSS on the
service side, is it already supported? If so, how can I extract it?

Colm.


>
>
> So in summary, if you want to try this, I would suggest please go ahead
> since it's doable now. Please let me know if you have other questions.
>
> Regards,
> Kai
>
> -----Original Message-----
> From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
> Sent: Thursday, June 16, 2016 5:54 PM
> To: kerby@directory.apache.org
> Subject: JWT pre-authentication - get JWT token on service side
>
> Hi all,
>
> For the JWT pre-authentication use-case, how can I get access to the token
> information on the service side?
>
> From the documentation: "The service authenticates the ticket, extracts
> the token derivation, then enforce any advanced authorization by employing
> the token derivation and token attributes"
>
> Is there an example in the code to look at?
>
> Colm.
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message