[
https://jira.jboss.org/jira/browse/SECURITY-131?page=com.atlassian.jira.p...
]
Anil Saldhana commented on SECURITY-131:
----------------------------------------
http://www.jboss.org/index.html?module=bb&op=viewtopic&t=150953 has a comment
===================
The ticket needs to be forwardable. If it is, in Firefox, you add your website to the
trusted URIs for delegation (in about:config). At this point, you should see
"context.getDelegState()=true" in the logs.
The missing bit in the jboss-negotiation project is to get the delegated credentials
and store them in the private credentials of the Subject in the SPNEGOLoginModule. They
need to be destroyed or cleared in the logout method.
Then, you will need to manage the Kerberos ticket yourself and implement
WS-Kerberos yourself (if your webservice is using an HTTP binding, I suppose it would be easy to
secure the webservice via SPNEGO). JBoss does not implement these things for you, so you
have to take care of the ticket renewal and propagation...
WS-Kerberos
-----------
Key: SECURITY-131
URL:
https://jira.jboss.org/jira/browse/SECURITY-131
Project: JBoss Security and Identity Management
Issue Type: Task
Security Level: Public(Everyone can see)
Components: Negotiation
Reporter: Darran Lofthouse
Assignee: Darran Lofthouse
Fix For: Negotiation_2.0.4.GA
Both incoming and outbound.
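
The credential handling the quoted forum comment describes, as an added example that is not code from jboss-negotiation or from the ticket: a helper a SPNEGO login module could call from commit() and logout(). The class and method names are hypothetical; only standard JGSS and JAAS calls are used.

```java
import javax.security.auth.Subject;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;

/** Hypothetical helper, not part of jboss-negotiation. */
public final class DelegatedCredentialHelper {

    private DelegatedCredentialHelper() {}

    /**
     * Call from commit() with the acceptor-side context used for the SPNEGO
     * exchange. Returns true only if a delegated credential was stored.
     */
    public static boolean store(GSSContext context, Subject subject) throws GSSException {
        // Delegation state is only meaningful once the context is established.
        if (!context.isEstablished() || !context.getCredDelegState()) {
            return false; // ticket not forwardable, or the client did not delegate
        }
        GSSCredential delegated = context.getDelegCred();
        if (delegated == null) {
            return false;
        }
        // Private (not public) credentials: access is guarded by
        // PrivateCredentialPermission when a SecurityManager is active.
        subject.getPrivateCredentials().add(delegated);
        return true;
    }

    /** Call from logout(). Returns the number of credentials removed. */
    public static int clear(Subject subject) {
        int cleared = 0;
        // getPrivateCredentials(Class) returns a copy, so the Subject's own
        // set can be modified inside this loop.
        for (GSSCredential cred : subject.getPrivateCredentials(GSSCredential.class)) {
            // Remove before dispose(): a disposed credential may refuse
            // equals()/hashCode(), which Set.remove() relies on.
            subject.getPrivateCredentials().remove(cred);
            try {
                cred.dispose(); // release the delegated ticket material
            } catch (GSSException e) {
                // Already unusable; the reference has been dropped regardless.
            }
            cleared++;
        }
        return cleared;
    }
}
```

Ticket renewal and propagation to the outbound web service call are not covered here; as the comment says, those remain the application's responsibility.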