Hi, I'm implementing Kerberos communication between Java (GSSAPI) and
C# (SSPI).

The KDC is an Active Directory. When it comes to Java client vs Java server
and C# client vs C# Server, for both the scenarios this works fine.

When using Java client - server the process happens as below and it works
fine:
* Client uses JAAS and creates TGT in client side
* Server uses JAAS and creates TGT in server side
* Client uses service principal name of the server to create the context
and using that context it invokes initSecContext and creates SGT and passes
it to the server
* Server uses acceptSecContext() to validate the SGT

When using C# client - server the process happens as below and it works
fine too:
* Client creates credentials and invokes init() to create client TGT
* Client passes this TGT to the server and server passes this TGT to
accept(), to validate the TGT, then generates server TGT and passes it to
client
* Client gets the TGT from server and passes it to init() to create the SGT
* Client passes this SGT to server and server uses accept() to validate the
SGT

When using C# client - Java server the process happens as below. [1][2]
* Client creates credentials and invokes init() to create TGT
* Client passes this TGT to the server and server uses this TGT and passes
it to acceptSecContext() to validate the TGT and to generate server TGT and
passes it to client
* Client gets the TGT from server and passes it to init() to create the SGT
and passes the SGT to server.
* Server uses acceptSecContext() to validate the SGT

When I'm implementing the third use case it fails to validate the TGT of
Java server from the C# client side with the following exception.

"Failed to invoke InitializeSecurityContext for a client. The specified
principle is not known in the authentication system."

[1]
https://msdn.microsoft.com/en-us/library/windows/desktop/aa380496(v=vs.85).aspx
[2] https://msdn.microsoft.com/en-us/library/ms995352.aspx

Any suggestion is highly appreciated to recover this issue.

Thanks,



Hasanthi Dissanayake

Software Engineer | WSO2

E: [email protected]
M :0718407133| http://wso2.com <http://wso2.com/>