Hello Keycloak,

I referred to the Keycloak Example - Kerberos Credential Delegation
https://github.com/keycloak/keycloak/tree/master/examples/kerberos and was able to run it
end to end.
I even pointed it to our Kerberos environment (Hadoop HDP 2.5) and found it working great.

FLOW:
-------
Hitting the web app URL, I get the challenge response header WWW-Authenticate: Negotiate
and then the browser uses GSS-API to load the user's Kerberos ticket from the ticket cache
of the form Authorization: Negotiate YII. This works perfectly fine and I am authenticated
via Kerberos and land in my web app.

    GSSCredential deserializedGssCredential =
        org.keycloak.common.util.KerberosSerializationUtils.deserializeCredential(serializedGssCredential);

    // Create GSSContext to call other kerberos-secured services
    GSSContext context = gssManager.createContext(serviceName, krb5Oid,
        deserializedGssCredential, GSSContext.DEFAULT_LIFETIME);

As I am a bit of a newcomer to the GSS API, I cannot figure out how to use the GSSCredential
to call other Kerberos-secured services, which in my case are Hive Server 2 via JDBC and HDFS.

Is there some reference or example that I can refer to and use the GSSCredential object to
access Kerberized services like Hive Server 2 via JDBC and HDFS?

Many Thanks,
-Nirmal
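
Added example (not part of the original message, and not Keycloak's or Hive's own code): one way to hand the deserialized GSSCredential to JGSS-based clients is to place it in a JAAS Subject and run the client call under Subject.doAs, where the JDK's Kerberos mechanism looks for an initiator credential. The class and method names are hypothetical, and the Hive call assumes a Hive JDBC driver that supports the `kerberosAuthType=fromSubject` URL option.

```java
import java.security.PrivilegedExceptionAction;
import java.sql.Connection;
import java.sql.DriverManager;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;

// Added example: hypothetical helper, not code from the Keycloak example.
public final class DelegatedCredentialRunner {

    // Put the delegated credential where JGSS searches for it: the private
    // credentials of the Subject bound to the calling thread.
    static Subject subjectFor(GSSCredential cred) throws GSSException {
        if (cred.getRemainingLifetime() <= 0) {
            throw new IllegalStateException("delegated Kerberos credential has expired");
        }
        Subject subject = new Subject();
        subject.getPrincipals().add(new KerberosPrincipal(cred.getName().toString()));
        subject.getPrivateCredentials().add(cred);
        return subject;
    }

    // Run one action as the delegated user, then destroy the forwarded
    // credential so it does not outlive the request it was delegated for.
    static <T> T runAs(GSSCredential cred, PrivilegedExceptionAction<T> action)
            throws Exception {
        try {
            return Subject.doAs(subjectFor(cred), action);
        } finally {
            cred.dispose();
        }
    }

    // Assumption: jdbcUrl has the form
    //   jdbc:hive2://<host>:<port>/<db>;principal=<hive service principal>;auth=kerberos;kerberosAuthType=fromSubject
    // so the driver authenticates with the Subject set up by runAs instead of
    // performing its own Kerberos login. The Hive JDBC driver must be on the classpath.
    static Connection openHive(GSSCredential cred, String jdbcUrl) throws Exception {
        return runAs(cred, () -> DriverManager.getConnection(jdbcUrl));
    }
}
```

Because `runAs` disposes the credential in `finally`, the action must complete its Kerberos handshake before it returns.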