First, I want to apologize for my lack of experience with Java (including Spring, Spring Security, CXF, etc.). I might also be asking this question in the wrong place, but I'm happy with all the help I can get. I posted this same question at the Spring forum; if they come up with a solution, I'll follow up with the conclusion.

I want to create the following situation: A user accesses a website hosted by IIS. From IIS, a WCF service is called, which will call a web service developed using CXF. This service will forward the request to a WebSphere Enterprise Service Bus, which will forward the message to a WebSphere Process Server.

IIS (Windows) -> WCF web service (.NET) -> CXF web service (Java) -> WESB -> WPS

The WebSphere Process Server should be able to identify the user using a Kerberos token. Therefore, the Kerberos token should be propagated throughout the whole chain. As I have no control over the ESB, I started out with the following scenario:

[1] IIS -> [2] WCF webservice -> [3] CXF webservice -> [4] CXF webservice

The user credentials are propagated from [1] -> [2] -> [3]. However, I’m unable to call [4]; the exception is “Access is denied (user is anonymous)”. In the CXF service [3], I have a KerberosServiceRequestToken, which contains a valid token (e.g. getToken() returns a binary array). However, I have no clue how to invoke the next service using this information (should I create a new LoginContext somehow?).

Another problem is the way the Kerberos token is exchanged. Currently, the token is transmitted over the transport layer (e.g. as an HTTP header as part of the Negotiation Challenge). WPS expects the Kerberos token to be contained within the SOAP header. Using WCF, this is straightforward to implement. However, I haven’t been able to configure CXF to correctly process the SOAP header. Does anybody know if this is even possible?

Thanks in advance,
Henk-Jan.

--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5646577.html
Sent from the cxf-user mailing list archive at Nabble.com.
