[
https://issues.apache.org/jira/browse/RAMPART-433?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Boris Dushanov updated RAMPART-433:
-----------------------------------
Description:
This support is based on the Kerberos v5 enhancement provided in RAMPART-417.
Kerberos delegation is supported in wss4j since 1.6.17 so this feature requires
upgrade from 1.6.16 to 1.6.17.The upgrade is smooth and requires no changes.
The changes in rampart uses the wss4j capabilities.Rampart's kerberos
configuration is enhanced with two new settings - one for requesting a kerberos
delegation credential and one for setting such. When the latter is set, rampart
requests a Kerberos security token on behalf of the user for which the
credentials are.
The provided implementation also includes a corresponding integration test.
ApacheDS 2.0 is required as 1.5.7 seems to have issues when delegation is
requested.Because of that, the existing kerberos tests are also made to work
with the newer ApacheDS version.
was:
This support is based on the Kerberos v5 enhancement provided in RAMPART-417.
Kerberos delegation is supported in wss4j since 1.6.17 so this support requires
upgrade from 1.6.16 to 1.6.17.The upgrade is smooth and requires no changes.
The changes in rampart uses the wss4j capabilities.It enhances rampart's
kerberos configuration with two new settings - one for requesting a kerberos
delegation credential and one for setting such. When the latter is set, rampart
requests a Kerberos security token on behalf of the subject for which the
credentials are.
The provided implementation also includes a corresponding integration test.An
update to Apache DS 2.0 is needed because of an issue in 1.5.7 which is seen
when delegation credential is requested.
> Support for Kerberos v5 delegated authentication
> ------------------------------------------------
>
> Key: RAMPART-433
> URL: https://issues.apache.org/jira/browse/RAMPART-433
> Project: Rampart
> Issue Type: New Feature
> Components: rampart-core
> Affects Versions: 1.6.2
> Reporter: Boris Dushanov
> Fix For: 1.8.0
>
> Attachments: rampart_kerberos_delegation.patch
>
>
> This support is based on the Kerberos v5 enhancement provided in RAMPART-417.
> Kerberos delegation is supported in wss4j since 1.6.17 so this feature
> requires upgrade from 1.6.16 to 1.6.17.The upgrade is smooth and requires no
> changes.
> The changes in rampart uses the wss4j capabilities.Rampart's kerberos
> configuration is enhanced with two new settings - one for requesting a
> kerberos delegation credential and one for setting such. When the latter is
> set, rampart requests a Kerberos security token on behalf of the user for
> which the credentials are.
> The provided implementation also includes a corresponding integration test.
> ApacheDS 2.0 is required as 1.5.7 seems to have issues when delegation is
> requested.Because of that, the existing kerberos tests are also made to work
> with the newer ApacheDS version.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
