Hi Paul Thank you for your answer. Maybe i wasn't clear, but we do not have problems with direct user authentication, as we use ADFS and OAuth (Token format JWT) to authenticate users. Our problem is the authentication between webservices and web applications that running under group managed service accounts (gMSA) and we strongly want to use that feature, because so we do not have to manage passwords for those accounts.
I found a kerberos library https://github.com/jcmturner/gokrb5 that looks very promising, but I do not know how to get a keytab for a group managed service account. Cheers, Sandro Am Sonntag, 10. Dezember 2017 01:51:11 UTC+1 schrieb oldCoderException: > > I can't comment on authenticating a go client against windoze services, > but we use both LDAP and Active Directory (AD) extensively and authenticate > our users, as well as add and modify them to those services using Go all > the time. We use this excellent package: > https://godoc.org/gopkg.in/ldap.v2 and use straight LDAP calls both to > authenticate against and update AD. All of our Go based web applications > allow our users to authenticate against any of multiple LDAP and AD servers > in a "federated fashion", trying the servers with the credentials > supplied. Hope this helps. > > cheers, > Paul > > On Saturday, 9 December 2017 14:59:41 UTC-8, snmed wrote: >> >> Hi all >> >> We are primarly working in a windows environment and developing web >> services as well as web applications. At the moment we're using C# as our >> main language, but we consider to >> switch to go for the web services. There is one major uncertainty which >> hinders us to proceed with our idea, we using Group Managed Service >> Accounts to authenticate applications and >> services. Therefore we need to handle windows authentication on server >> and client side. >> >> Has anyone a similar use case and has already solved it? Is there a well >> documented package which can be used to protect a http.Handler and verify a >> user with windows authentication? >> And is there a package that can be used to authenticate a go client >> against a service which is protected with windows authentication. >> >> Any help or advise is warmly welcome. >> >> Cheers >> > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
