I'm attempting to implement a simple Single Sign On scenario where some of the participating servers will be windows (IIS) boxes. It looks like SPNEGO is a reasonable path for this. Here's the scenario: User logs in to my SSO service using his username and password. I authenticate him using some mechanism. At some later time the user ...
If I pass the current users credentials to a webservice by using system.net.credentialcache.defaultcredentials, on which way will the information be transfered? I don't think that it will be clear text, so the credentials have to be encrypted, but how are they? ...
When our customers install our software, they often opt for a "split install", where the services run on one box and the database is on another box. The services might talk to other services, or the database might contain stored procedures that need to talk to another database. This leads us into the murky world of Kerberos and SetSPN. ...
I've got a small WCF webservice working with the built-in WCF Service Host and with hosting by the Visual Studio 2008 built-in development webserver. I these hosting enviroments I have relied on the WCF Test Client for invoking the service methods. Now I am running into problems with my next phase of testing: I have it hosted in IIS...
We have a kerberos domain at my company and I'm running a few of the Java/Kerberos examples. The question I have is around the login mechanism from the server's perspective. When running the server example GssServer.java, I need to get a javax.security.auth.Subject; in the supplied code this is via a LoginContext thus: // Create a Login...
Hi, I'm using GSSAPI in Java in order to login to an LDAP server using Kerberos authentication. I'm a newbie to Kerberos, so I'm sorry if this is an obvious question, but I couldn't find anything clear enough on the internet. I perform the following steps: Define Login configuration by setting the system property "java.security.auth....
Are there examples which show how Delphi invokes the Active Directory Kerberos server to request a ticket granting ticket / normal ticket? Background: the ticket is required for authentification to a web service which exchanges confidential information. Edit: a short source code example would be very helpful. I have found the JEDI Wind...
Project Background: I am setting up a small farm where the Intranet is its own application. Following the Least Priveleged Account setup principle, I have Domain User accounts created for each process/app. pool. The service authentication works great over Kerberos. One of the projects needs to have another web application (separate from...
I have several computers... only one of which cannot authenticate to either my exchange or TFS server. (2 of the computers are at my home trying to connect to our exchange/tfs server at work, one of which as the problem). Several other employees have not had any connectivity problems. The errors I am seeing are 401 2 2148074254 401 ...
We have a WCF (Windows Communication Foundation) client and service application. We're using Windows Authentication with Kerberos. The issue is that the service may be run under one of many accounts (maybe Network Service, maybe a specific user account -- depends on the IT group). This account is not not likely to change daily, but ...
I need to consume a rest web service with java, passing the credentials of a domain user account. right now I'm doing it with classic asp set xmlHttp = server.createObject( "msxml2.serverxmlhttp" ) xmlHttp.open method, url, false, domain request.Credentials = new NetworkCredential(user, password, domain); request.Method = WebReques...
Is it possible to get the currently logged in user's username with Silverlight? You can assume that user has Windows OS and the Silverlight application is hosted in Internet Explorer. Getting the identity from server side with ASP.NET is not an option, this SL application will be hosted on a static HTML file. ...
We have an intranet site on our corporate network (SharePoint 3). If I look at it via Internet Explorer - I'm already logged in. If I look at it using Firefox I have to enter my windows username & password. My questions is this: Why is there this discrepancy between the browsers? Does Microsoft have some proprietary plugin in IE that c...
Please, can someone PLEASE give a simple, straight-forward way to enable ASP.NET > Kerberos > Sql Server? We have clientMachine > webServer > databaseServer. The client is insistent that the site must pull the windows login and not prompt, hence the need for Kerberos and Integrated Authentication. It also MUST impersonate the user onto...
Hi guys, I'm using javamail to check an IMAP inbox, and at the moment I'm simply logging into the IMAP server by storing the username and password. Our security policy at work requires this to be kerberised however. I've been reading up on javamail, IMAP and kerberos, and some resources say it isn't possible, whilst others suggest it i...
I have followed numerous msdn articles and the codeplex guidance but cannot get WCF to work with Kerberos authentication and delegation and would appreciate a little help. Setup I have the WCF service in an IIS website on a remote machine IIS 6.0 on Windows 2003 R2 - SP 2 The SPN for the machine has been added (http/myserver && http/...
I have a web app built upon CakePHP. Currently it is doing user authentication / Access Control with the built-in AuthComponent and the ACL functionality. Throughout our organization, we have MANY applications (web and otherwise) that all require their own user/pass combo. Our company is looking to migrate as many of our internal apps...
As far as I know both FireFox and Safari can not work with Kerberos in a SharePoint context for the time being, but why is that, and should we expect that both FireFox and Safari will play ball in the SharePoint 2010 timeframe? ...
Hi, I'm currently integrating a CMS (developed in PHP) authentication with Active Directory. This specific Active Directory only allows authentication through Kerberos, or ldaps:// (but this last one is not the most wanted since I'll have to use absolute paths). I've been searching the web for anything about PHP AD Kerberos Authenticat...
Due to the new limitations of Kerberos in OS X 10.6, I'm working on a script that offers similar functionality to what used to be available in 10.5. Essentially it parses the klist output to see if your ticket is expiring and displays how long until it expires. If we hit the 10 minute mark, it calls kinit to do a GUI password prompt to...