On Fri, Feb 25, 2011 at 12:27 PM, Prabath Siriwardana <[email protected]>wrote:
> The client principal name is accessible via the MessageContext.. we need to > populate CarbonContext.. What I learned from AmilaJ is that client principal name is not available if we only use Kerbros. Basically what kerboros says is that a valid user has send the message. thanks, Amila. > > Thanks & regards, > -Prabath > > > On Fri, Feb 25, 2011 at 12:20 PM, Amila Jayasekara <[email protected]>wrote: > >> On Fri, Feb 25, 2011 at 11:34 AM, Amila Suriarachchi <[email protected]> >> wrote: >> > When a user authenticated using kerboros, is the user name available to >> the >> > server? >> >> Hi Amila, >> As far as i know the client only sends a Kerberos token. I am not sure >> whether client principal name is in it. Thus as per now user name is >> not available to the server. If user name is needed we need to use a >> user name token as a supporting token in kerberos policy. >> >> Thanks >> AmilaJ >> >> > if so can the service get the user name with CarbonContext.getUserName() >> > >> > thanks, >> > Amila. >> > >> > On Thu, Feb 24, 2011 at 11:36 PM, Amila Jayasekara <[email protected]> >> wrote: >> >> >> >> Hi All, >> >> As some of you may know, there is a Kerberos KDC server with latest IS >> >> build. In-order to complete the use case we added kerberos based >> >> security scenario to security-mgt component. Now there is a security >> >> scenario 16. See screen-shot for more details. Now users can easily >> >> secure services using Kerberos security policy by selecting scenario >> >> 16. >> >> But this change is not yet in trunk as kerberos related rampart >> >> changes are not yet in trunk (Currently i am doing changes in 3.0.1 >> >> support branch). But hopefully by next week we will be adding these >> >> changes to the trunk. >> >> >> >> Please review the attached screen shot and let me know, if any of the >> >> text needs to be changed. >> >> >> >> Also we need to add two more config files to support, scenario 16. >> >> They are krb5.conf (Contains parameters related to requesting ticket) >> >> and jaas.conf (Authorization properties). >> >> I am planning to add above mentioned files to esb's conf directory. >> >> Please let me know if you have any concerns. >> >> >> >> Also i have a sample which demonstrate the use of KDC in IS and usage >> >> of scenario 16, in esb. Since this sample is related to 2 products, i >> >> am not sure where should i place the sample. Will be great if you >> >> could give feedback on where to place sample program (In IS or ESB ?). >> >> >> >> Thanks >> >> AmilaJ >> >> >> >> _______________________________________________ >> >> Carbon-dev mailing list >> >> [email protected] >> >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> >> >> > >> > >> _______________________________________________ >> Carbon-dev mailing list >> [email protected] >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev >> > > > > -- > Thanks & Regards, > Prabath > > http://blog.facilelogin.com > http://RampartFAQ.com >
_______________________________________________ Carbon-dev mailing list [email protected] http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
