You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Laurence Brockman <la...@sjrb.ca> on 2005/11/11 00:55:17 UTC

WSS4J and Kerberos signatures

Hello,

 

Sorry if this is a FAQ but I have been looking for answers to this high
and low and have not seen this on the list.

 

We are going to try and use Kerberos to authenticate users on our SOAP
server. What we envision is having the client send down the SOAP request
with a service ticket from a KDC. The server (Axis using WSS4J on
Tomcat) would then authenticate this user against said KDC. After
briefly looking at the documentation within the WSS4J code I think what
we would want to do is extend the WSDoAllHandler class (From the
org.apache.axis.security.handler package). Is this the right direction
to be going in? Has anybody looked at this? I'm relatively new to
Axis/WSS4J and some guidance would be awesome!

 

Thanks,

Laurence

 

Laurence Brockman
Server Specialist, Shaw Operations Centre
Shaw Communications Inc.
Phone : (403) 303-4805
E-mail : laurence.brockman@sjrb.ca

 

ACCOUNTABLE    BALANCE    CUSTOMER FOCUSED    INTEGRITY    LOYALTY
POSITIVE, CAN DO ATTITUDE    TEAM PLAYER

Re: WSS4J and Kerberos signatures

Posted by Davanum Srinivas <da...@gmail.com>.

Laurence,

I believe you start with taking a look at the Kerberos Token Profile
at the OASIS WSS TC web site:

http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss

There's lots of refactoring in the latest SVN, which makes it easy to
plugin a new token profile. So please get the latest SVN code and
start asking more questions :)

thanks,
dims

On 11/10/05, Laurence Brockman <la...@sjrb.ca> wrote:
>
>
>
> Hello,
>
>
>
> Sorry if this is a FAQ but I have been looking for answers to this high and
> low and have not seen this on the list.
>
>
>
> We are going to try and use Kerberos to authenticate users on our SOAP
> server. What we envision is having the client send down the SOAP request
> with a service ticket from a KDC. The server (Axis using WSS4J on Tomcat)
> would then authenticate this user against said KDC. After briefly looking at
> the documentation within the WSS4J code I think what we would want to do is
> extend the WSDoAllHandler class (From the
> org.apache.axis.security.handler package). Is this the
> right direction to be going in? Has anybody looked at this? I'm relatively
> new to Axis/WSS4J and some guidance would be awesome!
>
>
>
> Thanks,
>
> Laurence
>
>
>
> Laurence Brockman
>  Server Specialist, Shaw Operations Centre
>  Shaw Communications Inc.
>  Phone : (403) 303-4805
>  E-mail : laurence.brockman@sjrb.ca
>
>
>
> ACCOUNTABLE    BALANCE    CUSTOMER FOCUSED    INTEGRITY    LOYALTY
> POSITIVE, CAN DO ATTITUDE    TEAM PLAYER
>
>


--
Davanum Srinivas : http://wso2.com/blogs/

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org

Re: WSS4J and Kerberos signatures

Posted by Davanum Srinivas <da...@gmail.com>.

Laurence,

I believe you start with taking a look at the Kerberos Token Profile
at the OASIS WSS TC web site:

http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss

There's lots of refactoring in the latest SVN, which makes it easy to
plugin a new token profile. So please get the latest SVN code and
start asking more questions :)

thanks,
dims

On 11/10/05, Laurence Brockman <la...@sjrb.ca> wrote:
>
>
>
> Hello,
>
>
>
> Sorry if this is a FAQ but I have been looking for answers to this high and
> low and have not seen this on the list.
>
>
>
> We are going to try and use Kerberos to authenticate users on our SOAP
> server. What we envision is having the client send down the SOAP request
> with a service ticket from a KDC. The server (Axis using WSS4J on Tomcat)
> would then authenticate this user against said KDC. After briefly looking at
> the documentation within the WSS4J code I think what we would want to do is
> extend the WSDoAllHandler class (From the
> org.apache.axis.security.handler package). Is this the
> right direction to be going in? Has anybody looked at this? I'm relatively
> new to Axis/WSS4J and some guidance would be awesome!
>
>
>
> Thanks,
>
> Laurence
>
>
>
> Laurence Brockman
>  Server Specialist, Shaw Operations Centre
>  Shaw Communications Inc.
>  Phone : (403) 303-4805
>  E-mail : laurence.brockman@sjrb.ca
>
>
>
> ACCOUNTABLE    BALANCE    CUSTOMER FOCUSED    INTEGRITY    LOYALTY
> POSITIVE, CAN DO ATTITUDE    TEAM PLAYER
>
>


--
Davanum Srinivas : http://wso2.com/blogs/

---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org