You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2017/01/29 00:06:25 UTC

[jira] [Commented] (RAMPART-433) Support for Kerberos v5 delegated authentication

    [ https://issues.apache.org/jira/browse/RAMPART-433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15844226#comment-15844226 ] 

Hudson commented on RAMPART-433:
--------------------------------

SUCCESS: Integrated in Jenkins build Rampart #2344 (See [https://builds.apache.org/job/Rampart/2344/])
RAMPART-417, RAMPART-433: Add Kerberos support. Based on patches provided by Detelin Yordanov and Boris Dushanov. (veithen: rev 1780752)
* (edit) trunk
* (edit) trunk/modules/rampart-core/pom.xml
* (edit) trunk/modules/rampart-core/src/main/java/org/apache/rampart/RampartEngine.java
* (edit) trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/BindingBuilder.java
* (edit) trunk/modules/rampart-core/src/main/java/org/apache/rampart/builder/TransportBindingBuilder.java
* (add) trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/KerberosConfigBuilder.java
* (edit) trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/builders/RampartConfigBuilder.java
* (add) trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/KerberosConfig.java
* (edit) trunk/modules/rampart-core/src/main/java/org/apache/rampart/policy/model/RampartConfig.java
* (edit) trunk/modules/rampart-core/src/main/java/org/apache/rampart/util/RampartUtil.java
* (edit) trunk/modules/rampart-core/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder
* (edit) trunk/modules/rampart-core/src/main/resources/org/apache/rampart/errors.properties
* (add) trunk/modules/rampart-core/src/test/java/org/apache/rampart/policy
* (add) trunk/modules/rampart-core/src/test/resources/org/apache/rampart/policy
* (edit) trunk/modules/rampart-integration/pom.xml
* (add) trunk/modules/rampart-integration/src/test/java/org/apache/rampart/KerberosDelegationService.java
* (add) trunk/modules/rampart-integration/src/test/java/org/apache/rampart/KerberosDelegationServiceValidator.java
* (add) trunk/modules/rampart-integration/src/test/java/org/apache/rampart/RampartKerberosTest.java
* (add) trunk/modules/rampart-integration/src/test/java/org/apache/rampart/util
* (add) trunk/modules/rampart-integration/src/test/resources/kerberos
* (add) trunk/modules/rampart-integration/src/test/resources/rampart/kerberos
* (edit) trunk/modules/rampart-policy/pom.xml
* (edit) trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/Constants.java
* (edit) trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP11Constants.java
* (edit) trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SP12Constants.java
* (edit) trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/SPConstants.java
* (add) trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy/model/KerberosToken.java
* (add) trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy11/builders/KerberosTokenBuilder.java
* (add) trunk/modules/rampart-policy/src/main/java/org/apache/ws/secpolicy12/builders/KerberosTokenBuilder.java
* (edit) trunk/modules/rampart-policy/src/main/resources/META-INF/services/org.apache.neethi.builders.AssertionBuilder
* (add) trunk/modules/rampart-policy/src/test
* (edit) trunk/pom.xml


> Support for Kerberos v5 delegated authentication
> ------------------------------------------------
>
>                 Key: RAMPART-433
>                 URL: https://issues.apache.org/jira/browse/RAMPART-433
>             Project: Rampart
>          Issue Type: New Feature
>          Components: rampart-core
>    Affects Versions: 1.6.2
>            Reporter: Boris Dushanov
>              Labels: Patch
>             Fix For: 1.8.0
>
>         Attachments: alice.keytab, bob.keytab, rampart_kerberos_delegation_with_keytab_instructions.patch
>
>
> This support is based on the Kerberos v5 enhancement provided in RAMPART-417.
> Kerberos delegation is supported in wss4j since 1.6.17 so this feature requires upgrade from 1.6.16 to 1.6.17.The upgrade is smooth and requires no changes.
> The changes in rampart uses the wss4j capabilities.Rampart's kerberos configuration is enhanced with two new settings - one for requesting a kerberos delegation credential and one for setting such. When the latter is set, rampart requests a Kerberos security token on behalf of the user for which the credentials are.
> The provided implementation also includes a corresponding integration test. ApacheDS 2.0 is required as 1.5.7 seems to have issues when delegation is requested.Because of that, the existing kerberos tests are also made to work with the newer ApacheDS version.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: java-dev-help@axis.apache.org