[jboss-jira] [JBoss JIRA] Created: (SECURITY-352) Cache Server Subject

Cache Server Subject -------------------- Key: SECURITY-352 URL: https://jira.jboss.org/jira/browse/SECURITY-352 Project: JBoss Security and Identity Management Issue Type: Feature Request Security Level: Public (Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Assignee: Darran Lofthouse Fix For: Negotiation_2.0.4.GA Each authentication process currently has 3 AS-REQ requests (6 if pre-auth is an issue) One request for each of the SPNEGO round trips and then one request for the LDAP search. Attempts to make use of a local ticket cache failed: - <!-- <module-option name="useTicketCache">true</module-option> <module-option name="renewTGT">true</module-option> <module-option name="ticketCache">/home/darranl/src/negotiation-as/jboss-4.2.2.GA-AD/testserver.cache</module-option> --> As the keytab had not been read it meant that the requirements for storeKey were not met, this is needed for SPNEGO. <module-option name="storeKey">true</module-option> A mechanism to cache the server subject is needed. The expiration time of the ticket can be obtained to decide how long to cache the ticket for: - Set<Object> privateCredentials = serverSubject.getPrivateCredentials(); for (Object current : privateCredentials) { if (current instanceof KerberosTicket) { KerberosTicket ticket = (KerberosTicket) current; System.out.println(ticket.getEndTime()); } } -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira