On Fri, Feb 25, 2011 at 1:53 PM, Prabath Siriwardana <[email protected]> wrote:

>
> On Fri, Feb 25, 2011 at 1:39 PM, Amila Jayasekara <[email protected]> wrote:
>
>> On Fri, Feb 25, 2011 at 12:37 PM, Prabath Siriwardana <[email protected]> wrote:
>> > In fact the client principal is available for the service end - that is how
>> > we do XACML authorization based on the client principal..
>>
>> How are we extracting client principal name from the incoming
>> kerberos token ? Is it in the kerberos token ?
>>
>
> Yes... you can access it as following..
>
> msgContext.getOptions().getProperty("client.principal.name");
>

I think we need to have one property which is set by Carbon Authentication manager, UT, Kerberos etc.. and CarbonContext should read from that.

thanks,
Amila.

>
> Thanks & regards,
> -Prabath
>
>>
>> Thanks
>> AmilaJ
>>
>> > Thanks & regards,
>> > -Prabath
>> >
>> > On Fri, Feb 25, 2011 at 12:30 PM, Amila Suriarachchi <[email protected]> wrote:
>> >>
>> >> On Fri, Feb 25, 2011 at 12:27 PM, Prabath Siriwardana <[email protected]> wrote:
>> >>>
>> >>> The client principal name is accessible via the MessageContext.. we need
>> >>> to populate CarbonContext..
>> >>
>> >> What I learned from AmilaJ is that client principal name is not available
>> >> if we only use Kerberos.
>> >> Basically what Kerberos says is that a valid user has sent the message.
>> >>
>> >> thanks,
>> >> Amila.
>> >>>
>> >>> Thanks & regards,
>> >>> -Prabath
>> >>>
>> >>> On Fri, Feb 25, 2011 at 12:20 PM, Amila Jayasekara <[email protected]> wrote:
>> >>>>
>> >>>> On Fri, Feb 25, 2011 at 11:34 AM, Amila Suriarachchi <[email protected]> wrote:
>> >>>> > When a user authenticated using Kerberos, is the user name available
>> >>>> > to the server?
>> >>>>
>> >>>> Hi Amila,
>> >>>> As far as I know the client only sends a Kerberos token. I am not sure
>> >>>> whether client principal name is in it. Thus as per now user name is
>> >>>> not available to the server. If user name is needed we need to use a
>> >>>> user name token as a supporting token in kerberos policy.
>> >>>>
>> >>>> Thanks
>> >>>> AmilaJ
>> >>>>
>> >>>> > if so can the service get the user name with
>> >>>> > CarbonContext.getUserName()
>> >>>> >
>> >>>> > thanks,
>> >>>> > Amila.
>> >>>> >
>> >>>> > On Thu, Feb 24, 2011 at 11:36 PM, Amila Jayasekara <[email protected]> wrote:
>> >>>> >>
>> >>>> >> Hi All,
>> >>>> >> As some of you may know, there is a Kerberos KDC server with latest IS
>> >>>> >> build. In order to complete the use case we added kerberos based
>> >>>> >> security scenario to security-mgt component. Now there is a security
>> >>>> >> scenario 16. See screen-shot for more details. Now users can easily
>> >>>> >> secure services using Kerberos security policy by selecting scenario
>> >>>> >> 16.
>> >>>> >> But this change is not yet in trunk as kerberos related rampart
>> >>>> >> changes are not yet in trunk (Currently I am doing changes in 3.0.1
>> >>>> >> support branch). But hopefully by next week we will be adding these
>> >>>> >> changes to the trunk.
>> >>>> >>
>> >>>> >> Please review the attached screen shot and let me know, if any of the
>> >>>> >> text needs to be changed.
>> >>>> >>
>> >>>> >> Also we need to add two more config files to support, scenario 16.
>> >>>> >> They are krb5.conf (Contains parameters related to requesting ticket)
>> >>>> >> and jaas.conf (Authorization properties).
>> >>>> >> I am planning to add above mentioned files to esb's conf directory.
>> >>>> >> Please let me know if you have any concerns.
>> >>>> >>
>> >>>> >> Also I have a sample which demonstrate the use of KDC in IS and usage
>> >>>> >> of scenario 16, in esb. Since this sample is related to 2 products, I
>> >>>> >> am not sure where should I place the sample. Will be great if you
>> >>>> >> could give feedback on where to place sample program (In IS or ESB
>> >>>> >> ?).
>> >>>> >>
>> >>>> >> Thanks
>> >>>> >> AmilaJ
>> >>>> >>
>> >>>> >> _______________________________________________
>> >>>> >> Carbon-dev mailing list
>> >>>> >> [email protected]
>> >>>> >> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>> >>>> >>
>> >>>> >
>> >>>
>> >>> --
>> >>> Thanks & Regards,
>> >>> Prabath
>> >>>
>> >>> http://blog.facilelogin.com
>> >>> http://RampartFAQ.com
>> >>
>> >
>> > --
>> > Thanks & Regards,
>> > Prabath
>> >
>> > http://blog.facilelogin.com
>> > http://RampartFAQ.com
>> >
>
> --
> Thanks & Regards,
> Prabath
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>
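The single-property idea raised in the reply above, sketched as an added example (not code from this thread or from WSO2 Carbon): each authentication mechanism leaves its own property, and one resolver derives a single user name that everything else reads. Only `client.principal.name` comes from the thread; the other property names, the realm, the class and the plain `Map` standing in for the message context options are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;

public class AuthenticatedUserResolver {
    // Property named in the thread for the Kerberos client principal.
    static final String KERBEROS_PRINCIPAL = "client.principal.name";
    // Hypothetical names and realm, assumed for this sketch only.
    static final String UT_USERNAME = "example.ut.username";
    static final String CANONICAL_USER = "example.authenticated.user";
    static final String TRUSTED_REALM = "EXAMPLE.COM";

    /** Maps user@REALM to a local user name, accepting only the trusted realm. */
    static String fromKerberos(String principal) {
        int at = principal.lastIndexOf('@');
        if (at <= 0 || !principal.substring(at + 1).equals(TRUSTED_REALM)) {
            throw new SecurityException("principal outside trusted realm: " + principal);
        }
        return principal.substring(0, at);
    }

    /** Derives one user name from whichever mechanisms ran and stores it once. */
    static Optional<String> publish(Map<String, Object> props) {
        String krb = (String) props.get(KERBEROS_PRINCIPAL);
        String ut = (String) props.get(UT_USERNAME);
        String user = krb != null ? fromKerberos(krb) : ut;
        // Two mechanisms naming different users is an error, not a tie to break.
        if (krb != null && ut != null && !user.equals(ut)) {
            throw new SecurityException("conflicting identities: " + user + " vs " + ut);
        }
        if (user != null) {
            props.put(CANONICAL_USER, user);
        }
        return Optional.ofNullable(user);
    }

    public static void main(String[] args) {
        // Constructed sample: properties as a Kerberos-secured request might carry them.
        Map<String, Object> props = new HashMap<>();
        props.put(KERBEROS_PRINCIPAL, "alice@EXAMPLE.COM");
        System.out.println("resolved: " + publish(props));

        props.put(UT_USERNAME, "bob"); // supporting token names a different user
        try {
            publish(props);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Stripping the realm only after comparing it with the expected one keeps a same-named principal from another realm from being treated as the local user.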
