[teiid-issues] [JBoss JIRA] (TEIID-2915) Support consuming REST based service that is secured by Kerberos

Ramesh Reddy (JIRA) issues at jboss.org
Wed Jun 18 11:55:24 EDT 2014 

     [ https://issues.jboss.org/browse/TEIID-2915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ramesh Reddy resolved TEIID-2915.
---------------------------------

        Labels: Beta2  (was: )
    Resolution: Done


Added the needed code to delegate the kerberos token all the way to REST based service. For this to work, user must login using kerberos into Teiid. I have tested it over JDBC.

I wrote three articles based on this exercise
1) https://community.jboss.org/docs/DOC-52696
2) https://community.jboss.org/docs/DOC-52692
3)https://community.jboss.org/docs/DOC-52682

They each define in individual sections how to configure and verify the usecase.

> Support consuming REST based service that is secured by Kerberos
> ----------------------------------------------------------------
>
>                 Key: TEIID-2915
>                 URL: https://issues.jboss.org/browse/TEIID-2915
>             Project: Teiid
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Misc. Connectors
>            Reporter: Ramesh Reddy
>            Assignee: Ramesh Reddy
>              Labels: Beta2
>             Fix For: 8.7.1
>
>
> Add SSO based support for consuming the REST based services that are secured by Kerberos.
> In order to support Kerberos at data source level, the engine needs to support Credential Delegation, then it can be used with CXF as shown in 
> http://cxf.apache.org/docs/jaxrs-kerberos.html#JAXRSKerberos-CredentialDelegation
> The SPENGO module needs to check getCredDelegState() flag on the GSS Context, and should provide a way to return the GSSCredential object then Teiid needs to propagate this as session payload and use it in the web-service connector as the delegate to target consumer service.
> As of JBoss EAP 6.1.Alpha, I do not see the delegation in the SPENGO module, so support needs to be available in SPENGO module. Needs to investigate which version of SPENGO module supports this.



--
This message was sent by Atlassian JIRA
(v6.2.6#6264)

More information about the teiid-issues mailing list