[teiid-issues] [JBoss JIRA] (TEIID-2915) Support consuming REST based service that is secured by Kerberos
Ramesh Reddy (JIRA)
issues at jboss.org
Wed Jun 18 11:55:24 EDT 2014
[ https://issues.jboss.org/browse/TEIID-2915?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ramesh Reddy resolved TEIID-2915.
---------------------------------
Labels: Beta2 (was: )
Resolution: Done
Added the needed code to delegate the kerberos token all the way to REST based service. For this to work, user must login using kerberos into Teiid. I have tested it over JDBC.
I wrote three articles based on this exercise
1) https://community.jboss.org/docs/DOC-52696
2) https://community.jboss.org/docs/DOC-52692
3)https://community.jboss.org/docs/DOC-52682
They each define in individual sections how to configure and verify the usecase.
> Support consuming REST based service that is secured by Kerberos
> ----------------------------------------------------------------
>
> Key: TEIID-2915
> URL: https://issues.jboss.org/browse/TEIID-2915
> Project: Teiid
> Issue Type: Feature Request
> Security Level: Public(Everyone can see)
> Components: Misc. Connectors
> Reporter: Ramesh Reddy
> Assignee: Ramesh Reddy
> Labels: Beta2
> Fix For: 8.7.1
>
>
> Add SSO based support for consuming the REST based services that are secured by Kerberos.
> In order to support Kerberos at data source level, the engine needs to support Credential Delegation, then it can be used with CXF as shown in
> http://cxf.apache.org/docs/jaxrs-kerberos.html#JAXRSKerberos-CredentialDelegation
> The SPENGO module needs to check getCredDelegState() flag on the GSS Context, and should provide a way to return the GSSCredential object then Teiid needs to propagate this as session payload and use it in the web-service connector as the delegate to target consumer service.
> As of JBoss EAP 6.1.Alpha, I do not see the delegation in the SPENGO module, so support needs to be available in SPENGO module. Needs to investigate which version of SPENGO module supports this.
--
This message was sent by Atlassian JIRA
(v6.2.6#6264)
More information about the teiid-issues
mailing list