Cache Server Subject -------------------- Key: SECURITY-352 URL: https://issues.jboss.org/browse/SECURITY-352 Project: PicketBox Issue Type: Feature Request Security Level: Public(Everyone can see) Components: Negotiation Reporter: Darran Lofthouse Fix For: Negotiation_2_1_7 Each authentication process currently has 3 AS-REQ requests (6 if pre-auth is an issue) One request for each of the SPNEGO round trips and then one request for the LDAP search. Attempts to make use of a local ticket cache failed: - <!-- <module-option name="useTicketCache">true</module-option> <module-option name="renewTGT">true</module-option> <module-option name="ticketCache">/home/darranl/src/negotiation-as/jboss-4.2.2.GA-AD/testserver.cache</module-option> --> As the keytab had not been read it meant that the requirements for storeKey were not met, this is needed for SPNEGO. <module-option name="storeKey">true</module-option> A mechanism to cache the server subject is needed. The expiration time of the ticket can be obtained to decide how long to cache the ticket for: - Set<Object> privateCredentials = serverSubject.getPrivateCredentials(); for (Object current : privateCredentials) { if (current instanceof KerberosTicket) { KerberosTicket ticket = (KerberosTicket) current; System.out.println(ticket.getEndTime()); } }