Am 2015-11-20 um 01:01 schrieb Marc Boorshtein:
After you have successfully impersonated the user principal, perform your
HTTP request in a PriviledgedAction with Subject#doAs. That should do.
Thanks Micahael. Ill give this a try. Which kerberos server did you try
this against? I tried
Am 2015-11-20 um 20:14 schrieb Marc Boorshtein:
Thanks Michael. I haven't tried this code with AD but with FreeIPA Java is
looking for the flags on the TGS-REP to be the same as in the TGS-REQ
(which seems wrong to me since its only checking this on the s4u response,
not a generic TGS-REQ I'm
Thanks Michael. I haven't tried this code with AD but with FreeIPA Java is
looking for the flags on the TGS-REP to be the same as in the TGS-REQ
(which seems wrong to me since its only checking this on the s4u response,
not a generic TGS-REQ I'm guessing this is a bug in Java's
implementation).
>
> After you have successfully impersonated the user principal, perform your
HTTP request in a PriviledgedAction with Subject#doAs. That should do.
>
Thanks Micahael. Ill give this a try. Which kerberos server did you try
this against? I tried using another example with red hats ipa (I think