On Fri, Feb 25, 2011 at 1:39 PM, Amila Jayasekara <[email protected]> wrote:
> On Fri, Feb 25, 2011 at 12:37 PM, Prabath Siriwardana <[email protected]> wrote:
> > In fact the client principal is available for the service end - that is how
> > we do XACML authorization based on the client principal..
>
> How are we extracting client principal name from the incoming
> kerberos token ? Is it in the kerberos token ?
>

Yes... you can access it as follows..

msgContext.getOptions().getProperty("client.principal.name");

Thanks & regards,
-Prabath

>
> Thanks
> AmilaJ
>
> > Thanks & regards,
> > -Prabath
> >
> > On Fri, Feb 25, 2011 at 12:30 PM, Amila Suriarachchi <[email protected]> wrote:
> >>
> >>
> >> On Fri, Feb 25, 2011 at 12:27 PM, Prabath Siriwardana <[email protected]>
> >> wrote:
> >>>
> >>> The client principal name is accessible via the MessageContext.. we need
> >>> to populate CarbonContext..
> >>
> >> What I learned from AmilaJ is that client principal name is not available
> >> if we only use Kerberos.
> >> Basically what Kerberos says is that a valid user has sent the message.
> >>
> >> thanks,
> >> Amila.
> >>>
> >>> Thanks & regards,
> >>> -Prabath
> >>>
> >>> On Fri, Feb 25, 2011 at 12:20 PM, Amila Jayasekara <[email protected]>
> >>> wrote:
> >>>>
> >>>> On Fri, Feb 25, 2011 at 11:34 AM, Amila Suriarachchi <[email protected]>
> >>>> wrote:
> >>>> > When a user authenticated using Kerberos, is the user name available
> >>>> > to the
> >>>> > server?
> >>>>
> >>>> Hi Amila,
> >>>> As far as I know the client only sends a Kerberos token. I am not sure
> >>>> whether client principal name is in it. Thus as per now user name is
> >>>> not available to the server. If user name is needed we need to use a
> >>>> user name token as a supporting token in kerberos policy.
> >>>>
> >>>> Thanks
> >>>> AmilaJ
> >>>>
> >>>> > if so can the service get the user name with
> >>>> > CarbonContext.getUserName()
> >>>> >
> >>>> > thanks,
> >>>> > Amila.
> >>>> >
> >>>> > On Thu, Feb 24, 2011 at 11:36 PM, Amila Jayasekara <[email protected]>
> >>>> > wrote:
> >>>> >>
> >>>> >> Hi All,
> >>>> >> As some of you may know, there is a Kerberos KDC server with latest IS
> >>>> >> build. In order to complete the use case we added kerberos based
> >>>> >> security scenario to security-mgt component. Now there is a security
> >>>> >> scenario 16. See screen-shot for more details. Now users can easily
> >>>> >> secure services using Kerberos security policy by selecting scenario
> >>>> >> 16.
> >>>> >> But this change is not yet in trunk as kerberos related rampart
> >>>> >> changes are not yet in trunk (Currently I am doing changes in 3.0.1
> >>>> >> support branch). But hopefully by next week we will be adding these
> >>>> >> changes to the trunk.
> >>>> >>
> >>>> >> Please review the attached screen shot and let me know, if any of the
> >>>> >> text needs to be changed.
> >>>> >>
> >>>> >> Also we need to add two more config files to support, scenario 16.
> >>>> >> They are krb5.conf (Contains parameters related to requesting ticket)
> >>>> >> and jaas.conf (Authorization properties).
> >>>> >> I am planning to add above mentioned files to esb's conf directory.
> >>>> >> Please let me know if you have any concerns.
> >>>> >>
> >>>> >> Also I have a sample which demonstrates the use of KDC in IS and usage
> >>>> >> of scenario 16, in esb. Since this sample is related to 2 products, I
> >>>> >> am not sure where should I place the sample. Will be great if you
> >>>> >> could give feedback on where to place sample program (In IS or ESB
> >>>> >> ?).
> >>>> >>
> >>>> >> Thanks
> >>>> >> AmilaJ
> >>>> >>
> >>>> >> _______________________________________________
> >>>> >> Carbon-dev mailing list
> >>>> >> [email protected]
> >>>> >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >>>> >>
> >>>> >
> >>>> >
> >>>
> >>>
> >>>
> >>> --
> >>> Thanks & Regards,
> >>> Prabath
> >>>
> >>> http://blog.facilelogin.com
> >>> http://RampartFAQ.com
> >>
> >
> >
> >
> > --
> > Thanks & Regards,
> > Prabath
> >
> > http://blog.facilelogin.com
> > http://RampartFAQ.com
>


--
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
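
The property lookup quoted in the reply above, wrapped so that a service rejects the request when the value is missing, as an added example that is not part of the thread or of the WSO2/Rampart code. The class name, the optional realm check and the name@REALM form of the value are assumptions; it needs Axis2 on the classpath.

```java
import org.apache.axis2.AxisFault;
import org.apache.axis2.context.MessageContext;

public class ClientPrincipal {
    // Property key quoted in the thread above.
    static final String KEY = "client.principal.name";

    /** Principal of the caller of the current service invocation; fails closed. */
    public static String current(String expectedRealm) throws AxisFault {
        MessageContext msgContext = MessageContext.getCurrentMessageContext();
        if (msgContext == null) {
            throw new AxisFault("Not inside a service invocation");
        }
        return check(msgContext.getOptions().getProperty(KEY), expectedRealm);
    }

    /** Rejects a missing or blank value and, if a realm is given, any other realm. */
    static String check(Object raw, String expectedRealm) throws AxisFault {
        if (!(raw instanceof String) || ((String) raw).trim().isEmpty()) {
            throw new AxisFault("Client principal not set; request rejected");
        }
        String principal = ((String) raw).trim();
        if (expectedRealm != null) {
            // Assumption: the value has the usual Kerberos form name@REALM.
            int at = principal.lastIndexOf('@');
            String realm = at < 0 ? "" : principal.substring(at + 1);
            if (at <= 0 || !realm.equals(expectedRealm)) {
                throw new AxisFault("Client principal is not in realm " + expectedRealm);
            }
        }
        return principal;
    }

    // Constructed sample values, for running check() outside a container.
    public static void main(String[] args) {
        Object[] samples = { "alice@EXAMPLE.COM", "alice@OTHER.EXAMPLE", "  ", null };
        for (Object sample : samples) {
            try {
                System.out.println("accepted: " + check(sample, "EXAMPLE.COM"));
            } catch (AxisFault e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```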
