On Mon, Mar 28, 2011 at 7:26 AM, Stefan Mayr ste...@mayr-stefan.de wrote:
Hello everybody,
as many others before we wanted to do single-sign-on for intranet web
applications using integrated windows authentication (negotiate because IE
sometimes tries NTLM instead of using plain kerberos -
Stefan Mayr wrote:
Native SPNEGO in Tomcat sounds great. Waiting a little while depends on
your scale of little. Is there already some development we can follow?
Will this use Java GSS? I never figured out how to configure this with
Tomcat.
If you are in a hurry, you may want to have a
On 28/03/2011 22:31, Stefan Mayr wrote:
Native SPNEGO in Tomcat sounds great. Waiting a little while depends on
your scale of little. Is there already some development we can follow?
Will this use Java GSS? I never figured out how to configure this with
Tomcat.
little hopefully means the next
On 29/03/2011 15:20, Mark Thomas wrote:
On 28/03/2011 22:31, Stefan Mayr wrote:
Native SPNEGO in Tomcat sounds great. Waiting a little while depends on
your scale of little. Is there already some development we can follow?
Will this use Java GSS? I never figured out how to configure this with
Would adding support for client credential delegation be out of scope
for this implementation or not?
Client credential delegation is when you use the spnego token
construct a javax.security.auth.Subject instance that represents the
client - which the server side application can use this to
Whoops, i reversed the condition of the if statement, it should be:
//check if the credentials can be delegated
if (context.getCredDelegState()) {
...
}
On Tue, Mar 29, 2011 at 9:47 PM, Borut Hadžialić
borut.hadzia...@gmail.com wrote:
Would adding support for client credential delegation be out
On 29/03/2011 20:47, Borut Hadžialić wrote:
Would adding support for client credential delegation be out of scope
for this implementation or not?
It is in scope with the caveat - as always - that it depends on what the
final implementation looks like. I do know (from debug logging) that
right
On Tue, Mar 29, 2011 at 9:57 PM, Mark Thomas ma...@apache.org wrote:
It is in scope with the caveat - as always - that it depends on what the
final implementation looks like. I do know (from debug logging) that
right now tokens do not allow delegation. I suspect the hardest part of
On 29/03/2011 21:18, Borut Hadžialić wrote:
On Tue, Mar 29, 2011 at 9:57 PM, Mark Thomas ma...@apache.org wrote:
It is in scope with the caveat - as always - that it depends on what the
final implementation looks like. I do know (from debug logging) that
right now tokens do not allow
Hellos Stefan,
if you can't fix your problem with configuration and decide that you
want to solve the problem by programming, then this might help you
http://blog.springsource.com/2009/09/28/spring-security-kerberos/
After understanding that article a developer should be able to add a
SPNEGO
On 28/03/2011 08:42, Borut Hadžialić wrote:
Hellos Stefan,
if you can't fix your problem with configuration and decide that you
want to solve the problem by programming, then this might help you
http://blog.springsource.com/2009/09/28/spring-security-kerberos/
After understanding that
I should have SPNEGO support in Tomcat 7 fairly soon.
This would be great!
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Hi Mark,
Am 28.03.2011 10:49, schrieb Mark Thomas:
On 28/03/2011 08:42, Borut Hadžialić wrote:
Hellos Stefan,
if you can't fix your problem with configuration and decide that you
want to solve the problem by programming, then this might help you
Hello everybody,
as many others before we wanted to do single-sign-on for intranet web
applications using integrated windows authentication (negotiate because
IE sometimes tries NTLM instead of using plain kerberos - breaking all
our kerberos-only experiments).
We thought that IIS would be
14 matches
Mail list logo
