[HTTPCLIENT-1540] Support delegated credentials (ISC_REQ_DELEGATE) via ClientWinAuth - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.4 Alpha1
Fix Version/s: 4.4 Beta1
Component/s: HttpClient (classic)
Labels:
None
Environment:
Windows

Description

If you use this Wikipedia graphic as a reference, http://en.wikipedia.org/wiki/Kerberos_(protocol)#mediaviewer/File:Kerberos.svg, the current implementation in HttpClient 4.4alpha1 does the first (red) and last (green) steps but it doesn't do the middle one (middle). By adding a parameter, it won't skip out on the middle step (where the Windows LSA will ask the Windows domain controller to generate a ticket-granting-ticket for the requested service).

In WindowsNegotiateScheme.getToken(), the change would be to update Sspi.ISC_REQ_CONNECTION to Sspi.ISC_REQ_CONNECTION | Sspi.ISC_REQ_DELEGATE.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HTTPCLIENT-1540.patch.diff
15/Aug/14 07:04
0.8 kB
Ka-Lok Fung

Activity

People

Assignee:: Unassigned

Reporter:: Ka-Lok Fung

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Aug/14 22:56

Updated:: 20/Sep/16 19:31

Resolved:: 15/Aug/14 12:43