Thanks Kai. A few questions below. On Thu, Jun 16, 2016 at 11:33 AM, Zheng, Kai <kai.zh...@intel.com> wrote:
> > 1. For issuing service ticket, the token used to do the authentication or > a token derivation was put into the issued service ticket as authorization > data. I'm not sure in current Kerby impl, it has done this or not. If not, > it should be not difficult to support it, considering we have some Kerby > authorization support now. > I can take a look at this. Can you give me some pointers in the code so that I know where to start? > > 2. In application server side, it should be able to query and extract out > the token encapsulated in the authorization data field in the service > ticket. This should be doable now, because a proposal from me quite some > ago had already been accepted by Oracle Java, as recorded in the following > ticket, though I hadn't got the chance to verify it using latest JDK update > like JDK8. > > JDK-8044085, our extension proposal accepted and committed: allowing > querying authorization data field of service ticket. > https://bugs.openjdk.java.net/browse/JDK-8044085 The JDK service ticket only refers to SASL. If I'm just using GSS on the service side, is it already supported? If so, how can I extract it? Colm. > > > So in summary, if you want to try this, I would suggest please go ahead > since it's doable now. Please let me know if you have other questions. > > Regards, > Kai > > -----Original Message----- > From: Colm O hEigeartaigh [mailto:cohei...@apache.org] > Sent: Thursday, June 16, 2016 5:54 PM > To: kerby@directory.apache.org > Subject: JWT pre-authentication - get JWT token on service side > > Hi all, > > For the JWT pre-authentication use-case, how can I get access to the token > information on the service side? > > From the documentation: "The service authenticates the ticket, extracts > the token derivation, then enforce any advanced authorization by employing > the token derivation and token attributes" > > Is there an example in the code to look at? > > Colm. > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
