I have developed a java client that is able to successfully commit transactions
to FreeIPA using the json/rpc API. If it is useful, I could abstract all this
and package it up to share. But I am seeing some interesting things - some of
it may be my lack of experience using HttpClient but I wanted to run it by the
list to see what should be expected.
I have been following Alexander’s guidelines
I am able to establish a kerberized connection to
https://hostname/ipa/session/login_kerberos with the HttpClient,
Krb5LoginModule, using AuthSchemes.SPNEGO, proper referer header, and jaas
config. The connection is successful and I am caching the ipa-session cookie
string for subsequent use (sending a second command). I am performing this as a
After successful authentication, I send a second transaction - a typical “list
users” json formatted command to the server at https://hostname/ipa/json. I
first attempted this without implementing PrivilegedAction since Alexander’s
guide indicated I did NOT need to do any more authentication once I had a
session key. I added a cookie header to a plain https transaction with the
session cookie. This did not work - which surprised me. The app actually
prompted me at this point for login credentials. Any thoughts here?
I decided to create a new PrivilegedAction class to send subsequent json
transactions to the server. I moved my code for the 2nd connection in there.
This works. But as a test, I commented out instructions to explicitly add the
session cookie to the transaction. And it still works. I found that I do not
explicitly have to add the cookie header. I am assuming that HttpClient
natively handles cookies without explicit interaction.
Anyone with any HttpClient experience that could shed some light on some of the
behaviors and whether they should be expected?
It does appear that I have a working client in any case.
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code