[
https://issues.jboss.org/browse/TEIID-4183?page=com.atlassian.jira.plugin...
]
Ramesh Reddy resolved TEIID-4183.
---------------------------------
Fix Version/s: 9.1
(was: 9.0)
Resolution: Done
[~jdurani] Thanks. I had the previous one almost setup correctly but I forgot to copy a
config file. I was able to finally duplicate the issue.
It came about, the way I was wrapping is correct, but it is alone is not sufficient. The
subject I was using was not correct. Using the credential, one needs to create new subject
using a security libraries, which will have a krb token for the delegated user. Then the
credential matches with the user. I corrected it based on EAP implementation pattern, now
it works as expected. See if you can build it locally and test (you can just copy the
teiid-jboss-integration-8.12.5.jar) into the server.
MSSQL JDBC driver invalidates kerberos ticket on Connection.close()
-------------------------------------------------------------------
Key: TEIID-4183
URL:
https://issues.jboss.org/browse/TEIID-4183
Project: Teiid
Issue Type: Bug
Affects Versions: 8.12.x, 8.7.5.6_2
Reporter: Juraj DurĂ¡ni
Assignee: Ramesh Reddy
Fix For: 9.1, 8.12.5
MSSQL JDBC driver invalidate kerberos ticket on Connection.close() (related bugzilla
\[1\]).
If user creates kerberos connection, driver invalidates ticket on closing connection
(Connection.close()). Therefore ticket cannot be re-used. EAP team creates a workaround
for this by adding module option *wrapGSSCredential=true* with additional setting
*credentialLifetime=-1* \[2, 3, 4, 5\]. This works for static kerberos authentication.
However, passthrough authentication (org.teiid.jboss.PassthroughIdentityLoginModule) does
not work, because passed ticket is not managed by EAP but by client.
\[1\]
https://bugzilla.redhat.com/show_bug.cgi?id=1097276
\[2\]
https://bugzilla.redhat.com/show_bug.cgi?id=1097276#c58
\[3\]
https://issues.jboss.org/browse/SECURITY-905
\[4\]
https://issues.jboss.org/browse/JBEAP-843
\[5\]
https://github.com/wildfly-security/jboss-negotiation/commit/0c7e06f58a79...
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)