[RAMPART-433] Support for Kerberos v5 delegated authentication - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 1.6.2
Fix Version/s: 1.8.0
Component/s: rampart-core
Labels:
- Patch

Description

This support is based on the Kerberos v5 enhancement provided in ~~RAMPART-417~~.

Kerberos delegation is supported in wss4j since 1.6.17 so this feature requires upgrade from 1.6.16 to 1.6.17.The upgrade is smooth and requires no changes.
The changes in rampart uses the wss4j capabilities.Rampart's kerberos configuration is enhanced with two new settings - one for requesting a kerberos delegation credential and one for setting such. When the latter is set, rampart requests a Kerberos security token on behalf of the user for which the credentials are.

The provided implementation also includes a corresponding integration test. ApacheDS 2.0 is required as 1.5.7 seems to have issues when delegation is requested.Because of that, the existing kerberos tests are also made to work with the newer ApacheDS version.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

rampart_kerberos_delegation_with_keytab_instructions.patch
27/May/16 14:20
165 kB
Boris Dushanov
alice.keytab
27/May/16 14:20
0.7 kB
Boris Dushanov
bob.keytab
27/May/16 14:20
0.3 kB
Boris Dushanov

Issue Links

requires

RAMPART-417 Support for transport binding Kerberos v5 authentication

Resolved

Activity

People

Assignee:: Andreas Veithen

Reporter:: Boris Dushanov

Votes:: 1 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/May/16 08:31

Updated:: 29/Jan/17 00:07

Resolved:: 29/Jan/17 00:07