[jbosstools-issues] [JBoss JIRA] (JBDS-3188) Support of krb5-principal keys in openshift-java-client (eclipse)
Andre Dietisheim (JIRA)
issues at jboss.org
Wed Dec 17 10:02:30 EST 2014
[ https://issues.jboss.org/browse/JBDS-3188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13028348#comment-13028348 ]
Andre Dietisheim edited comment on JBDS-3188 at 12/17/14 10:01 AM:
-------------------------------------------------------------------
The server side of the krb5 authentication can be found here: https://github.com/vindir/openshift-external-postgresql-cartridge/blob/master/plugins/auth/kerberos/lib/openshift/kerberos_auth_service.rb#L108
{code:ruby}
def login(request, params, cookies)
if params['broker_auth_key'] && params['broker_auth_iv']
validate_broker_key(params['broker_auth_iv'], params['broker_auth_key'])
else
data = JSON.parse(params['json_data'])
return authenticate(request, data['rhlogin'], params['password'])
end
end
def authenticate(request, login, password)
params = request.request_parameters()
if params['broker_auth_key'] && params['broker_auth_iv']
validate_broker_key(params['broker_auth_iv'], params['broker_auth_key'])
else
raise OpenShift::AccessDeniedException if login.nil? || login.empty? || password.nil? || password.empty?
krb5 = Krb5.new
# get the default realm
default_realm = krb5.get_default_realm
Rails.logger.debug "Default realm is: " + default_realm
# try to cache non-existant data (this should fail and throw an exception)
begin
krb5.cache
rescue Krb5Auth::Krb5::Exception
Rails.logger.debug "Failed caching credentials before obtaining them. Continuing..."
end
if krb5.get_init_creds_password(login,password)
krb5.close
return {:username => login, :auth_method => :login}
else
krb5.close
raise OpenShift::AccessDeniedException
end
end
end
{code}
was (Author: adietish):
The server side of the krb5 authentication can be found here:
{code:title=https://github.com/vindir/openshift-external-postgresql-cartridge/blob/master/plugins/auth/kerberos/lib/openshift/kerberos_auth_service.rb#L108}
def login(request, params, cookies)
if params['broker_auth_key'] && params['broker_auth_iv']
validate_broker_key(params['broker_auth_iv'], params['broker_auth_key'])
else
data = JSON.parse(params['json_data'])
return authenticate(request, data['rhlogin'], params['password'])
end
end
def authenticate(request, login, password)
params = request.request_parameters()
if params['broker_auth_key'] && params['broker_auth_iv']
validate_broker_key(params['broker_auth_iv'], params['broker_auth_key'])
else
raise OpenShift::AccessDeniedException if login.nil? || login.empty? || password.nil? || password.empty?
krb5 = Krb5.new
# get the default realm
default_realm = krb5.get_default_realm
Rails.logger.debug "Default realm is: " + default_realm
# try to cache non-existant data (this should fail and throw an exception)
begin
krb5.cache
rescue Krb5Auth::Krb5::Exception
Rails.logger.debug "Failed caching credentials before obtaining them. Continuing..."
end
if krb5.get_init_creds_password(login,password)
krb5.close
return {:username => login, :auth_method => :login}
else
krb5.close
raise OpenShift::AccessDeniedException
end
end
end
{code}
> Support of krb5-principal keys in openshift-java-client (eclipse)
> ------------------------------------------------------------------
>
> Key: JBDS-3188
> URL: https://issues.jboss.org/browse/JBDS-3188
> Project: Developer Studio (JBoss Developer Studio)
> Issue Type: Feature Request
> Components: openshift
> Affects Versions: 8.0.x
> Reporter: Christos Triantafyllidis
> Assignee: Max Rydahl Andersen
>
> The openshift-java-client which is used by the eclipse plugin doesn't support this krb5-principal keys.
> This request is to be able to clone/pull/push updates to openshift application repositories when krb5 credentials are already available and the openshift broker supports krb5 authentication.
> https://github.com/openshift/openshift-java-client/blob/master/src/main/java/com/openshift/client/SSHKeyType.java
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
More information about the jbosstools-issues
mailing list