Hi Ramesh, As it happens, I've just written a blog post about kerberos credential delegation in (the latest versions) of CXF:
http://coheigea.blogspot.ie/2014/10/kerberos-credential-delegation-support.html The way it works is essentially that the delegated GSSCredential object is stored during validation, and then set via the property "ws-security.delegated. credential". This is then used by the KerberosClient to get a new ticket "on behalf of" this credential. You need to set the correct boolean parameters to enable delegation though as covered in the blog post. Colm. On Mon, Oct 20, 2014 at 9:27 PM, rareddy <[email protected]> wrote: > Hi, > > I have read the > > http://mail-archives.apache.org/mod_mbox/cxf-users/201207.mbox/%3C029F19A0A3828F409E2F145593359C0E0BE40E@MSEMBox1.corporate.intra%3E > thread with great interest and as it is exactly what I am trying to > achieve. > Just the services are different. > > I am working JBoss EAP environment, I have access to the "GSSCredential" > object, I am ready to do the credential delegation to the my SOAP service > which is configured with a policy to accept Kerberos auth. I already > verified that service/auth works when using client configuration as defined > here > > http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part.html > > I see the class "AbstractSpnegoAuthSupplier", but I am failing to configure > an extended class of this as interceptor such that it provides > "KerberosClient" object. As "KerberosClient" object also needs the > "SecretKey". From what I understand I have use "KerberosSecurity" class but > do credential negotiation like "AbstractSpnegoAuthSupplier" then build out > a extended KerberosClient instance and supply in the > "ws-security.kerberos.client" property. > > Can anybody suggest any easier way or tell if my thinking above is correct > or not? > > Thank you very much for your time. > > Ramesh.. > > > > -- > View this message in context: > http://cxf.547215.n5.nabble.com/Kerberos-delegation-using-GssCredential-in-JAXWS-tp5750086.html > Sent from the cxf-user mailing list archive at Nabble.com. > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
