hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ka-Lok Fung (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HTTPCLIENT-1540) Support delegated credentials (ISC_REQ_DELEGATE) via ClientWinAuth
Date Thu, 14 Aug 2014 13:36:12 GMT

    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1540?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14096959#comment-14096959
] 

Ka-Lok Fung commented on HTTPCLIENT-1540:
-----------------------------------------

Good point. Looking at our records, my company has already signed the Apache corporate CLA
but AFAIK this would be the first time we would be contributing fixes toward Apache HttpComponents.
Our company requires separate approval for each individual outbound project.

> Support delegated credentials (ISC_REQ_DELEGATE) via ClientWinAuth
> ------------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1540
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1540
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpAuth
>    Affects Versions: 4.4 Alpha1
>         Environment: Windows
>            Reporter: Ka-Lok Fung
>             Fix For: 4.4 Final
>
>
> If you use this Wikipedia graphic as a reference, http://en.wikipedia.org/wiki/Kerberos_(protocol)#mediaviewer/File:Kerberos.svg,
the current implementation in HttpClient 4.4alpha1 does the first (red) and last (green) steps
but it doesn't do the middle one (middle). By adding a parameter, it won't skip out on the
middle step (where the Windows LSA will ask the Windows domain controller to generate a ticket-granting-ticket
for the requested service).
> In {{WindowsNegotiateScheme.getToken()}}, the change would be to update {{Sspi.ISC_REQ_CONNECTION}}
to {{Sspi.ISC_REQ_CONNECTION | Sspi.ISC_REQ_DELEGATE}}.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message