Pat Gonzalez

Greenhorn
+ Follow
since Oct 18, 2009
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Pat Gonzalez


Have you looked at this single sign-on project... http://spnego.sourceforge.net/

The setup looks overwhelming but as long as you follow the instructions and just
do what you're told, it's actually pretty straight forward.

11 years ago

Download and try this out to see if it works.

http://spnego.sourceforge.net/hello_spnego.zip

I'm not familiar with CAS but the source code in the .zip file relies on standard Java APIs.

Good luck!
11 years ago

> The point is to let an external client who has signed on their own system,
> giving them the access to my web app without login again

I think in the Kerberos land this is known as having a trust relationship between the two domains/realms.

http://www.kerberos.org/software/tutorial.html (see section 3.1)

An example in MS Active Directory...

http://technet.microsoft.com/en-us/library/cc775736(WS.10).aspx

Good luck!
11 years ago

It is true that Spring's spnego auth can only be used with a keytab.

However, to be more precise, a keytab is NOT essential nor required for Kerberos authentication.

It seems that according to the spec, shared secrets are handled at the protocol level (http://tools.ietf.org/html/rfc4120).

For example, the KDC necessarily knows the password for both the client and the server.

Hence, the shared secret problem is solved.

Here's an open source project that enables single sign-on for java web apps that does not require a keytab:

http://spnego.sourceforge.net

11 years ago

This is great. Are you planning on open source-ing your code?

I hope you will also be able to fix/solve this other problem for everyone...

http://forums.sun.com/thread.jspa?threadID=5385184&tstart=0

As an alternative for other readers, if you are on Java 6 or higher,
you may want to consider this other open source project if you
need to get single sign-on working in your java apps:

http://spnego.sourceforge.net

Good luck!

11 years ago

I think the issue might be that the client (ServiceSoapStub, etc.) you are using does not know how to talk Kerberos.

I'm not certain but there's probably a way to do it if you search through the websphere docs for words like single-sign on, spnego, wsdl, soap client stub, etc.

There is an open source project on sourceforge that might be of some interest. The project is meant to be a server side project but the library has a stand alone client piece that can be used against any server.

http://spnego.sourceforge.net/protected_soap_service.html

It also has two (a working example) java files that you can compile and try out on your server:

http://spnego.sourceforge.net/SpnegoHelloClient.java
http://spnego.sourceforge.net/ExampleSpnegoSOAPClient.java

Good luck!

11 years ago
Have a look at this open source project http://spnego.sourceforge.net/spnego_jboss.html

The project implements http authentication using a servlet filter.

11 years ago
If you don't feel like writing any code to set the user principal, take a look at this open source library...

http://spnego.sourceforge.net

It will set the current principal so that your call to getUserPrincipal() will work.

This project has a bunch of examples to make it as easy as possible to get up an running.
11 years ago
It appears that it did not accept your authentication scheme (Basic Auth).

If the web service supports integrated windows authentication or kerberos, you should be able to use the client from this open source library...

http://spnego.sourceforge.net/protected_soap_service.html
11 years ago
Here's an example, http://spnego.sourceforge.net/protected_soap_service.html, of how to do it from the command-line.

Perhaps you can take the code from the example and make it work for you.
11 years ago
Here's an example, http://spnego.sourceforge.net/protected_soap_service.html, that uses a custom soap client to connect to a protected soap web service.
11 years ago
Here's an example, http://spnego.sourceforge.net/protected_soap_service.html, that uses windows integrated authentication/sso.

Perhaps something in the example might help...?
11 years ago
Take a look at this open source project http://spnego.sourceforge.net I think it is doing what you want.
11 years ago