Decrypt kerberos ticket using Spnego

Danubian Sailor · Dec 22, 2010 · Viewed 16.5k times

I'm using spnego ( http://spnego.sourceforge.net ) for kerberos authentication under JBoss.

I need to decrypt the Kerberos ticket to access the authorization-data, which will contain PAC data. The PAC data is needed to decide which roles are to be granted to the user.

How do I access and decrypt the Kerberos ticket? I've searched the net for examples, but without effort.

Answer

Grant Cermak · Jan 7, 2011

These guys have a full PAC decoding implementation:

http://jaaslounge.sourceforge.net/

You can use the token parser like this:

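// req is the ServletRequest handed to the filter or servlet
HttpServletRequest request = (HttpServletRequest) req;
String header = request.getHeader("Authorization");
// Skip the 10-character "Negotiate " scheme prefix; the rest is the base64 token
byte[] base64Token = header.substring(10).getBytes("UTF-8");
byte[] spnegoHeader = Base64.decode(base64Token);

// Parse the decoded bytes as a SPNEGO initial token
SpnegoInitToken spnegoToken = new SpnegoInitToken(spnegoHeader);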

You're going to need to jump through some hoops if you want to decrypt the underlying Kerberos ticket. Not sure if you need that.

Grant
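
A check worth running on the Authorization header before it reaches a token parser, shown as an added example that is not part of the answer above or of the jaaslounge project: it validates the "Negotiate " scheme and the base64, then tells SPNEGO and raw Kerberos tokens apart from an NTLM fallback token, which carries no Kerberos ticket and therefore no PAC. It uses only the JDK; the class name, method names and sample bytes are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class NegotiateHeaderCheck {
    enum Kind { SPNEGO, RAW_KERBEROS, NTLM, UNKNOWN }

    // DER-encoded mechanism OIDs (tag 0x06, length, value)
    static final byte[] SPNEGO_OID = {0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02}; // 1.3.6.1.5.5.2
    static final byte[] KRB5_OID = {0x06, 0x09, 0x2a, (byte) 0x86, 0x48, (byte) 0x86,
                                    (byte) 0xf7, 0x12, 0x01, 0x02, 0x02}; // 1.2.840.113554.1.2.2
    static final byte[] NTLM_SIG = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    // Returns the decoded token; rejects a missing header, another scheme, or bad base64.
    static byte[] extractToken(String header) {
        if (header == null || !header.regionMatches(true, 0, "Negotiate ", 0, 10)) {
            throw new IllegalArgumentException("not a Negotiate Authorization header");
        }
        return Base64.getDecoder().decode(header.substring(10).trim());
    }

    static Kind classify(byte[] t) {
        if (startsWith(t, 0, NTLM_SIG)) return Kind.NTLM;       // NTLM fallback: no ticket, no PAC
        if (t.length < 2 || t[0] != 0x60) return Kind.UNKNOWN;  // GSS-API tokens open with [APPLICATION 0]
        int off = 2;                                            // skip tag + first length byte
        if ((t[1] & 0x80) != 0) off += t[1] & 0x7f;             // long-form DER length
        if (startsWith(t, off, SPNEGO_OID)) return Kind.SPNEGO;
        if (startsWith(t, off, KRB5_OID)) return Kind.RAW_KERBEROS;
        return Kind.UNKNOWN;
    }

    static boolean startsWith(byte[] data, int off, byte[] prefix) {
        return data.length - off >= prefix.length
            && Arrays.equals(Arrays.copyOfRange(data, off, off + prefix.length), prefix);
    }

    public static void main(String[] args) {
        // Constructed sample tokens, truncated after the mechanism identifier
        byte[] spnego = {0x60, 0x0a, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02, (byte) 0xa0, 0x00};
        byte[] ntlm = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 1, 0, 0, 0};
        for (byte[] sample : new byte[][] {spnego, ntlm}) {
            String header = "Negotiate " + Base64.getEncoder().encodeToString(sample);
            System.out.println(classify(extractToken(header)));
        }
    }
}
```

Only a token classified as SPNEGO should be passed on to SpnegoInitToken; an NTLM result means the client did not obtain a service ticket, so role decisions based on PAC data cannot be made for that request.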