[jboss-jira] [JBoss JIRA] Commented: (SECURITY-131) WS-Kerberos

Anil Saldhana (JIRA) jira-events at lists.jboss.org
Tue Jun 9 01:18:33 EDT 2009


    [ https://jira.jboss.org/jira/browse/SECURITY-131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12471107#action_12471107 ] 

Anil Saldhana commented on SECURITY-131:
----------------------------------------

http://www.jboss.org/index.html?module=bb&op=viewtopic&t=150953 has a comment:

===================
The ticket needs to be forwardable. If it is, in Firefox, you add your website to the trusted URIs for delegation (in about:config). At this point, you should see "context.getDelegState()=true" in the logs.
The missing bit in the jboss-negotiation project is to get the delegated credentials and store them in the private credentials of the Subject in the SPNEGOLoginModule. It needs to be destroyed or cleared in the logout method.
Then, you will need to manage the Kerberos ticket yourself and implement WS-Kerberos yourself (if your webservice is using an HTTP binding, I suppose it would be easy to secure the webservice via SPNEGO). JBoss does not implement these things for you, so you have to take care of the ticket renewal and propagation...

> WS-Kerberos
> -----------
>
>                 Key: SECURITY-131
>                 URL: https://jira.jboss.org/jira/browse/SECURITY-131
>             Project: JBoss Security and Identity Management
>          Issue Type: Task
>      Security Level: Public(Everyone can see) 
>          Components: Negotiation
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>             Fix For: Negotiation_2.0.4.GA
>
>
> Both incoming and outbound.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
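
The handling of delegated credentials described in the comment above, sketched as an added example that is not part of the original message or of the jboss-negotiation code base. The class name DelegatedCredentialStore and its two methods are hypothetical; it assumes a login module would call store() from commit() after the SPNEGO GSSContext is established and clear() from logout(). Only standard org.ietf.jgss and javax.security.auth calls are used.

```java
import java.util.Set;
import javax.security.auth.Subject;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;

/** Hypothetical helper (not jboss-negotiation code) for delegated Kerberos credentials. */
public final class DelegatedCredentialStore {

    private DelegatedCredentialStore() {}

    /**
     * Stores the client's delegated credential in the Subject's private credentials.
     * Returns false when nothing was delegated (ticket not forwardable, or the
     * browser does not trust the site for delegation).
     */
    public static boolean store(GSSContext context, Subject subject) throws GSSException {
        if (!context.isEstablished() || !context.getCredDelegState()) {
            return false;
        }
        GSSCredential delegated = context.getDelegCred();
        if (delegated == null) {
            return false;
        }
        if (subject.isReadOnly()) {
            // Cannot attach it to the Subject, so do not leave it alive either.
            delegated.dispose();
            throw new IllegalStateException("Subject is read-only");
        }
        // Private (not public) credentials: reading them back requires
        // PrivateCredentialPermission when a security manager is active.
        subject.getPrivateCredentials().add(delegated);
        return true;
    }

    /** Disposes every delegated credential held by the Subject and removes it. */
    public static void clear(Subject subject) {
        // getPrivateCredentials(Class) returns a copy, so it is safe to iterate.
        Set<GSSCredential> held = subject.getPrivateCredentials(GSSCredential.class);
        for (GSSCredential credential : held) {
            try {
                credential.dispose(); // releases the underlying ticket material
            } catch (GSSException e) {
                // Disposal failed; still drop the reference below.
            }
        }
        if (!subject.isReadOnly()) {
            subject.getPrivateCredentials().removeAll(held);
        }
    }
}
```

Ticket renewal and propagation to the outbound web service call are not covered here; as the comment says, those remain the application's responsibility.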
