Edit
Now I know what I need. I need to implement Kerberos protocol transition (S4U2Self) in Java. There are examples in .Net, but none for Java.
There is this third party library Quest Single Sign on for Java that claims to do that. I've downloaded the JAR and it looks good, but I would rather use a custom implementation instead of someone else's code (which have to be paid).
Can anyone give any head start on what needs to be done? Any existing open Java API to handle this?
Thanks
Question before
At the moment my application only knows the user id, and I need to authenticate that user with Kerberos, create a service ticket and use it to access a third party service.
My application needs to act like a proxy, and needs to send requests to the third party service on behalf of the provided user id. This is because there are constraints on other third party applications.
I can't get the password of the given user id in any way, nor get a previous service ticket from the same user id (to forward it). I do know, the credentials of an admin user.
Is there a way to create a service token using just the user id (principal name)?
Maybe some sort of delegation, in which a trusted principal is already authenticated and requests service tickets for other principals?
Thanks
解决方案
S4U2self/S4U2proxy is supposed to be coming in JDK 8:
(His SWIG input file doesn't include gss_acquire_cred_impersonate_name but that's simple to change. Working out how to use it might take me a bit longer.)
810
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
