I wrote a blog post + provided a test case for JWT using JAAS - it might be helpful to you:
http://coheigea.blogspot.com/2017/09/integrating-json-web-tokens-with.html Colm. On Wed, May 30, 2018 at 3:12 PM, Kamil Krzysztof Krynicki < [email protected]> wrote: > Hello all, > > I've come across a conversation between Colm and Zheng on this mailing > list from June and July 2016 titled "JWT pre-authentication - get JWT token > on service side" that touches upon the subject of extracting the token > from the sgt client side and sending it to the service. > > The final suggestion was to use: > > > @Test > @org.junit.Ignore > public void testKerbyClientAndGssService() throws Exception { > KrbClient client = getKrbClient(); > client.init(); > > try { > // Get a service ticket using Kerby APIs > TgtTicket tgt = client.requestTgt(getClientPrincipal(), > getClientPassword()); > Assert.assertTrue(tgt != null); > > SgtTicket tkt = client.requestSgt(tgt, getServerPrincipal()); > Assert.assertTrue(tkt != null); > > Credential credential = new Credential(tkt, > tgt.getClientPrincipal()); > CredentialCache cCache = new CredentialCache(); > cCache.addCredential(credential); > cCache.setPrimaryPrincipal(tgt.getClientPrincipal()); > > ByteArrayOutputStream bout = new ByteArrayOutputStream(); > CredCacheOutputStream os = new CredCacheOutputStream(bout); > cCache.store(bout); > os.close(); > > // Now validate the ticket using GSS > validateServiceTicket(bout.toByteArray()); > } catch (Exception e) { > e.printStackTrace(); > Assert.fail(); > } > } > > > > But this does not seem to work on my system. I get same error Colm > mentions: > > GSSException: Defective token detected (Mechanism level: GSSHeader did not > find the right tag) > > The same issue appears when I obtain it directly from > > sgt.getTicket().encode() > > Has there been an improvement in this regard? Is there any direct and > simple way to obtain the ticket client side using only Kerby API? If not, > what is the recommended approach at this time? > > Btw. I encode the bytes using: > > new String(Base64.getEncoder().encode(bout.toByteArray()), > StandardCharsets.UTF_8).replaceAll("\n", ""); > > and add them to the header under > > Authorization: Negotiate + token > > Cheers, > > Kamil Krynicki > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
