This support is based on the Kerberos v5 enhancement provided in
Kerberos delegation is supported in wss4j since 1.6.17 so this feature requires upgrade from 1.6.16 to 1.6.17.The upgrade is smooth and requires no changes.
The changes in rampart uses the wss4j capabilities.Rampart's kerberos configuration is enhanced with two new settings - one for requesting a kerberos delegation credential and one for setting such. When the latter is set, rampart requests a Kerberos security token on behalf of the user for which the credentials are.
The provided implementation also includes a corresponding integration test. ApacheDS 2.0 is required as 1.5.7 seems to have issues when delegation is requested.Because of that, the existing kerberos tests are also made to work with the newer ApacheDS version.