I am deploying my CometD in a Jetty container. I want to pass Kerberos credentials with the request. What is the correct way to pass Kerberos credential headers with the request so that it works with all kinds of transports (websockets, longpolling and callbackpolling)?
Thanks,
Anuj
Related
I have an audit requirement to log the requesting username when a client makes requests to my Jetty SPNEGO Authenticator secured REST endpoint. Is there any built-in way of accessing and logging the client principal once authenticated? This is in Jetty 9.
If memory serves, you can get this through the getUserPrincipal() call in the Servlet API.
A backend service needs to know the user for the service call. Reading through the API 1.6.0 documentation, I have configured it to generate JWT and removed and republished my services as stated. Running tests, I am not seeing the JWT being passed to the backend service in the response headers in Fiddler. I am not using the ESB or Identity services from WSO2.
What am I missing?
JWT information should be passed in the header under the parameter X-JWT-Assertion. The content is encoded. Use TCPMon to intercept the request and see if the API Manager is actually passing the JWT. This would be a good starting point to debug.
OK, it is easy to set up the Mongoose web server with SSL support if Mongoose is authenticating the clients, and it is possible to make HTTPS requests with the Mongoose web server. But can Mongoose support "client" authentication (possibly with an SSL certificate) when it is sending out HTTPS requests?
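A debugging aid for the check described in the answer above, as an added example that is not part of the original post and not WSO2 code: it decodes the header and payload of whatever arrives in X-JWT-Assertion on the backend, accepting URL-safe or standard Base64. The claim names and the sample token are constructed, and decoding does not verify the signature.

```python
import base64
import json

HEADER_NAME = "X-JWT-Assertion"  # header name given in the answer above


def b64_decode_segment(segment: str) -> bytes:
    """Decode one JWT segment: base64url or standard base64, padded or not."""
    segment = segment.strip().replace("-", "+").replace("_", "/")
    segment += "=" * (-len(segment) % 4)  # restore stripped padding
    return base64.b64decode(segment)


def inspect_assertion(headers: dict) -> dict:
    """Decode the JWT header and claims for debugging. No signature check."""
    # HTTP header names are case-insensitive, so match without regard to case.
    value = next((v for k, v in headers.items() if k.lower() == HEADER_NAME.lower()), None)
    if value is None:
        return {"present": False}
    parts = value.strip().split(".")
    if len(parts) != 3:
        raise ValueError(f"expected 3 dot-separated segments, got {len(parts)}")
    jose = json.loads(b64_decode_segment(parts[0]))
    claims = json.loads(b64_decode_segment(parts[1]))
    alg = str(jose.get("alg", "none"))
    return {
        "present": True,
        "alg": alg,
        # True only means a signature segment exists; it has not been verified.
        "has_signature": bool(parts[2]) and alg.lower() != "none",
        "claims": claims,
    }


def encode_segment(obj: dict) -> str:
    """Build a constructed sample segment (base64url, padding stripped)."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample: an unsigned token with a made-up end-user claim.
SAMPLE_HEADERS = {
    "x-jwt-assertion": encode_segment({"typ": "JWT", "alg": "none"}) + "."
    + encode_segment({"iss": "example-gateway", "enduser": "alice@example.test"}) + ".",
}

if __name__ == "__main__":
    print(json.dumps(inspect_assertion(SAMPLE_HEADERS), indent=2))
```

A backend that relies on the user claim for authorization should verify the signature against the gateway's certificate and refuse tokens where has_signature is false.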
If yes then how, if no which alternative library do you suggest?
PS: of course C/C++ and Windows
Since July 2014 Mongoose DOES support client side certificates.
Mongoose does not support client side certificates.
Your best call is to use digest authentication, which is built into Mongoose, or resort to other methods like cookie-based authentication, OAuth, etc.
You can find an example of cookie-based auth in https://github.com/cesanta/mongoose/blob/master/examples/chat.c
Currently we are using WSO2 IS version 4.1.0 and its entitlements service for policy decisions. As the entitlements service is a secured service, we authenticate and get the cookie, then pass the cookie along with the entitlements service requests. We are using the jsessionid cookie and ran into a situation where, if WSO2 IS goes down, we have to restart our app as it has a stale cookie. We refresh the cookie on a time interval, every 15 min. Is there a way in WSO2 IS to persist the cookie if it gets restarted? We tried commenting the inside wso2is-4.1.0\repository\conf\tomcat\carbon\META-INF.
Can you suggest how we can configure persistence of jsessionid cookies in WSO2 IS?
Thanks
Kishore
The user session (jsessionid) is not persisted on the server side, so you can re-authenticate after 15 min and get a new jsessionid. (If you receive an authentication failure, you can re-authenticate.) You need to implement the PEP in such a way.
If you are using basic authentication to authenticate with the entitlement service, you can send both the cookie (jsessionid) and the basic auth header. If the cookie is valid, it will be authenticated with the cookie; if not, it uses the basic auth headers and returns the new cookie to the client. You can find some Java code for this here. It is not for the entitlement service, but you can use it.
[1] https://github.com/soasecurity/soasecurity/blob/master/user-mgt/client/remote-user-400/src/main/java/org/soa/security/sample/user/mgt/SampleUserRoleMgtClient.java
Is it possible to use the Spring Security Kerberos Extension to make SOAP calls to a Kerberos-protected service? We have Wss4jSecurityInterceptor for Spring-WS, but if the SOAP client wants to send a Kerberos token, we don't have any kerberosSecurityInterceptor. Is there a way to do this using the Spring Security Kerberos Extension? Please advise.
No, that extension is for Web auth only.