[teiid-issues] [JBoss JIRA] (TEIID-3059) Support consuming SOAP based service that is secured by Kerberos authentication

Ramesh Reddy (JIRA) issues at jboss.org
Fri Aug 15 17:10:29 EDT 2014 

    [ https://issues.jboss.org/browse/TEIID-3059?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12993313#comment-12993313 ] 

Ramesh Reddy commented on TEIID-3059:
-------------------------------------

After spending a ton of time and building a kerberos based example and trying to test with individual client and then through Teiid, the conclusion I derived is

1) To use any WS-Security features in "ws" translator, the resource-adapter must be configured with WSDL. When WSDL is configured it exposes all the methods on the port through dynamic metadata. These methods needs to be used instead of using generic "invoke" procedure. The reason for this is, the client proxy that gets generated through "Service.create()" call takes ws-policy information in the WSDL automatically. Otherwise the onerous is on the Teiid framework to do the same (through some duplicate config or WSDL) on generic Dispatch interface. Which seems cumbersome at best.  The issue is current tooling is based on "invoke" based execution, this is need to be re thought when WSDL is available.

2) As per pass-through authentication for Kerberos token to the web service from logged in user, this feature just got committed to master branch in cxf (url in above comment), so when we move up in CXF version them we can support it. I tried to see if I can patch existing code, but the change involves CXF and WSS4J modules and totally trivial. So, I say we push this until we support later version of the CXF and WSS4J. (not in 2.0.1 of wss4j)

3) wrote sample examples here https://github.com/rareddy/ws-security-examples

4) I update documentation with above


> Support consuming SOAP based service that is secured by Kerberos authentication
> -------------------------------------------------------------------------------
>
>                 Key: TEIID-3059
>                 URL: https://issues.jboss.org/browse/TEIID-3059
>             Project: Teiid
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Misc. Connectors
>            Reporter: Ramesh Reddy
>            Assignee: Ramesh Reddy
>
> CXF supports Kerberos based authentication in issuing a SOAP based web service call. This needs to be verified authentication scenario and further enhance code to support delegation of kerberos token.



--
This message was sent by Atlassian JIRA
(v6.2.6#6264)

More information about the teiid-issues mailing list