On Mon, Mar 28, 2011 at 7:26 AM, Stefan Mayr wrote:
> Hello everybody,
>
> as many others before we wanted to do single-sign-on for intranet web
> applications using integrated windows authentication (negotiate because IE
> sometimes tries NTLM instead of using plain kerberos - breaking all our
>
Stefan Mayr wrote:
Native SPNEGO in Tomcat sounds great. Waiting a little while depends on
your scale of "little". Is there already some development we can follow?
Will this use Java GSS? I never figured out how to configure this with
Tomcat.
If you are in a hurry, you may want to have a l
On 29/03/2011 21:18, Borut Hadžialić wrote:
> On Tue, Mar 29, 2011 at 9:57 PM, Mark Thomas wrote:
>> It is in scope with the caveat - as always - that it depends on what the
>> final implementation looks like. I do know (from debug logging) that
>> right now tokens do not allow delegation. I suspe
On Tue, Mar 29, 2011 at 9:57 PM, Mark Thomas wrote:
> It is in scope with the caveat - as always - that it depends on what the
> final implementation looks like. I do know (from debug logging) that
> right now tokens do not allow delegation. I suspect the hardest part of
> implementing this will b
On 29/03/2011 20:47, Borut Hadžialić wrote:
> Would adding support for client credential delegation be out of scope
> for this implementation or not?
It is in scope with the caveat - as always - that it depends on what the
final implementation looks like. I do know (from debug logging) that
right
Whoops, i reversed the condition of the if statement, it should be:
//check if the credentials can be delegated
if (context.getCredDelegState()) {
...
}
On Tue, Mar 29, 2011 at 9:47 PM, Borut Hadžialić
wrote:
> Would adding support for client credential delegation be out of scope
> for this impl
Would adding support for client credential delegation be out of scope
for this implementation or not?
Client credential delegation is when you use the spnego token
construct a javax.security.auth.Subject instance that represents the
client - which the server side application can use this to impers
On 29/03/2011 15:20, Mark Thomas wrote:
> On 28/03/2011 22:31, Stefan Mayr wrote:
>> Native SPNEGO in Tomcat sounds great. Waiting a little while depends on
>> your scale of "little". Is there already some development we can follow?
>> Will this use Java GSS? I never figured out how to configure th
On 28/03/2011 22:31, Stefan Mayr wrote:
> Native SPNEGO in Tomcat sounds great. Waiting a little while depends on
> your scale of "little". Is there already some development we can follow?
> Will this use Java GSS? I never figured out how to configure this with
> Tomcat.
"little" hopefully means t
Hi Mark,
Am 28.03.2011 10:49, schrieb Mark Thomas:
On 28/03/2011 08:42, Borut Hadžialić wrote:
Hellos Stefan,
if you can't fix your problem with configuration and decide that you
want to solve the problem by programming, then this might help you
http://blog.springsource.com/2009/09/28/spring-s
> I should have SPNEGO support in Tomcat 7 fairly soon.
This would be great!
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
On 28/03/2011 08:42, Borut Hadžialić wrote:
> Hellos Stefan,
>
> if you can't fix your problem with configuration and decide that you
> want to solve the problem by programming, then this might help you
> http://blog.springsource.com/2009/09/28/spring-security-kerberos/
> After understanding that
Hellos Stefan,
if you can't fix your problem with configuration and decide that you
want to solve the problem by programming, then this might help you
http://blog.springsource.com/2009/09/28/spring-security-kerberos/
After understanding that article a developer should be able to add a
SPNEGO imple
Hello everybody,
as many others before we wanted to do single-sign-on for intranet web
applications using integrated windows authentication (negotiate because
IE sometimes tries NTLM instead of using plain kerberos - breaking all
our kerberos-only experiments).
We thought that IIS would be t
14 matches
Mail list logo
