In fact the client principal is available for the service end - that is how we do XACML authorization based on the client principal.

Thanks & regards,
-Prabath

On Fri, Feb 25, 2011 at 12:30 PM, Amila Suriarachchi <[email protected]> wrote:

>
>
> On Fri, Feb 25, 2011 at 12:27 PM, Prabath Siriwardana <[email protected]> wrote:
>
>> The client principal name is accessible via the MessageContext.. we need
>> to populate CarbonContext..
>
>
> What I learned from AmilaJ is that client principal name is not available
> if we only use Kerberos.
> Basically what Kerberos says is that a valid user has sent the message.
>
> thanks,
> Amila.
>
>>
>> Thanks & regards,
>> -Prabath
>>
>>
>> On Fri, Feb 25, 2011 at 12:20 PM, Amila Jayasekara <[email protected]> wrote:
>>
>>> On Fri, Feb 25, 2011 at 11:34 AM, Amila Suriarachchi <[email protected]> wrote:
>>> > When a user authenticated using Kerberos, is the user name available to the
>>> > server?
>>>
>>> Hi Amila,
>>> As far as I know the client only sends a Kerberos token. I am not sure
>>> whether client principal name is in it. Thus as per now user name is
>>> not available to the server. If user name is needed we need to use a
>>> user name token as a supporting token in Kerberos policy.
>>>
>>> Thanks
>>> AmilaJ
>>>
>>> > if so can the service get the user name with CarbonContext.getUserName()
>>> >
>>> > thanks,
>>> > Amila.
>>> >
>>> > On Thu, Feb 24, 2011 at 11:36 PM, Amila Jayasekara <[email protected]> wrote:
>>> >>
>>> >> Hi All,
>>> >> As some of you may know, there is a Kerberos KDC server with latest IS
>>> >> build. In order to complete the use case we added Kerberos based
>>> >> security scenario to security-mgt component. Now there is a security
>>> >> scenario 16. See screen-shot for more details. Now users can easily
>>> >> secure services using Kerberos security policy by selecting scenario
>>> >> 16.
>>> >> But this change is not yet in trunk as Kerberos related rampart
>>> >> changes are not yet in trunk (Currently I am doing changes in 3.0.1
>>> >> support branch). But hopefully by next week we will be adding these
>>> >> changes to the trunk.
>>> >>
>>> >> Please review the attached screen shot and let me know, if any of the
>>> >> text needs to be changed.
>>> >>
>>> >> Also we need to add two more config files to support, scenario 16.
>>> >> They are krb5.conf (Contains parameters related to requesting ticket)
>>> >> and jaas.conf (Authorization properties).
>>> >> I am planning to add above mentioned files to esb's conf directory.
>>> >> Please let me know if you have any concerns.
>>> >>
>>> >> Also I have a sample which demonstrates the use of KDC in IS and usage
>>> >> of scenario 16, in esb. Since this sample is related to 2 products, I
>>> >> am not sure where I should place the sample. Will be great if you
>>> >> could give feedback on where to place sample program (In IS or ESB ?).
>>> >>
>>> >> Thanks
>>> >> AmilaJ
>>> >>
>>> >> _______________________________________________
>>> >> Carbon-dev mailing list
>>> >> [email protected]
>>> >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>> >>
>>> >
>>> >
>>
>>
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
>>
>
>

--
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
