Rampart / RAMPART-433

Support for Kerberos v5 delegated authentication

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.6.2
    • Fix Version/s: 1.8.0
    • Component/s: rampart-core
    • Labels:

      Description

      This support is based on the Kerberos v5 enhancement provided in RAMPART-417.

      Kerberos delegation is supported in wss4j since 1.6.17, so this feature requires an upgrade from 1.6.16 to 1.6.17. The upgrade is smooth and requires no changes.
      The changes in Rampart use the wss4j capabilities. Rampart's Kerberos configuration is enhanced with two new settings: one for requesting a Kerberos delegation credential and one for setting such a credential. When the latter is set, Rampart requests a Kerberos security token on behalf of the user to whom the credentials belong.

      The provided implementation also includes a corresponding integration test. ApacheDS 2.0 is required, as 1.5.7 seems to have issues when delegation is requested. Because of that, the existing Kerberos tests are also made to work with the newer ApacheDS version.

        Attachments

        1. bob.keytab
          0.3 kB
          Boris Dushanov
        2. alice.keytab
          0.7 kB
          Boris Dushanov
        3. rampart_kerberos_delegation_with_keytab_instructions.patch
          165 kB
          Boris Dushanov

              People

              • Assignee:
                veithen Andreas Veithen
                Reporter:
                b.dushanov Boris Dushanov