Decrypt kerberos ticket using Spnego

java jboss active-directory kerberos spnego
Danubian Sailor picture Danubian Sailor · Dec 22, 2010 · Viewed 16.5k times · Source

I'm using spnego ( http://spnego.sourceforge.net ) for kerberos authentication under JBoss.

I need to decrypt kerberos ticket to access the authorization-data which will containt PAC data. The PAC data is needed to decide which roles are to be granted to user.

How to access and decrypt kerberos ticket? I've searched net for examples, but without effort.

Answer

Grant Cermak picture Grant Cermak · Jan 7, 2011

These guys have a full PAC decoding implementation:

http://jaaslounge.sourceforge.net/

You can use the token parser like this:

HttpServletRequest request = (HttpServletRequest) req;
String header = request.getHeader("Authorization");
byte[] base64Token = header.substring(10).getBytes("UTF-8");
byte[] spnegoHeader = Base64.decode(base64Token);

SpnegoInitToken spnegoToken = new SpnegoInitToken(spnegoHeader);

You're going to need to jump though some hoops if you want to decrypt the underlying Kerberos ticket. Not sure if you need that.

Grant

Related questions

What is the difference between Tomcat, JBoss and Glassfish?

I am starting to look into Enterprise Java and the book I am following mentions that it will use JBoss. Netbeans ships with Glassfish. I have used Tomcat in the past. What are the differences between these three programs?

Read More
How to call a stored procedure from Java and JPA

I am writing a simple web application to call a stored procedure and retrieve some data. Its a very simple application, which interacts with client's database. We pass employee id and company id and the stored procedure will return employee …

Read More
Address already in use: JVM_Bind java

Some times whenever I restart the application, which is built on Java Struts Mysql and Jboss 4.05 Version I get the error as Address already in use: JVM_Bind Only fix that i know is to restart the machine and try …

Read More