如何获取 DFS Kerberos 身份验证所需的令牌？

发布于 2024-09-16 10:28:17 字数 1295 浏览 2 评论 0原文

我正在尝试编写一个客户端来使用 DFS（Documentum Foundation Services）并尝试使用 Kerberos 进行单点登录。文档中的 Java 和 C# 示例代码（生产力层）都提供了以下行来获取 Kerberos 二进制令牌：

字节[]票= ...

我不确定如何实际获取二进制令牌，并且“...”对我没有帮助。有谁知道如何使用 Java 或 C# 获取实际票证（Kerberos 令牌）？

以下是 Java 和 C# 的示例：

Java：使用 Kerberos 身份验证调用服务

KerberosTokenHandler handler = new KerberosTokenHandler();
IObjectService service = ServiceFactory
.getInstance().getRemoteService(..., contextRoot, Arrays.asList((Handler) handler));
byte[] ticket = ...;
handler.setBinarySecurityToken(
new KerberosBinarySecurityToken(ticket, KerberosValueType.KERBEROSV5_AP_REQ));
service.create(...)

C#：使用 Kerberos 身份验证调用服务

KerberosTokenHandler handler = new KerberosTokenHandler();
List<IEndpointBehavior> handlers = new List<IEndpointBehavior>();
handlers.Add(handler);
IObjectService service = ServiceFactory
.Instance.GetRemoteService<IObjectService>(..., contextRoot, handlers);
byte[] ticket = ...;
handler.SetBinarySecurityToken(
new KerberosBinarySecurityToken(ticket, KerberosValueType.GSS_KERBEROSV5_AP_REQ));
service.create(...);

原文

I'm trying to write a client for consuming DFS (Documentum Foundation Services) and trying to use Kerberos for single sign-on. Both Java and C# sample code (productivity layer) in the documentation gives the following line which gets the Kerberos binary token:

byte[] ticket = ...

I'm not sure how to actually get the binary token, and the "..." doesn't help me. Does anyone know how to get an actual ticket (Kerberos token) using either Java or C#?

Here are the examples given for both Java and C#:

Java: Invoking a service with Kerberos authentication

KerberosTokenHandler handler = new KerberosTokenHandler();
IObjectService service = ServiceFactory
.getInstance().getRemoteService(..., contextRoot, Arrays.asList((Handler) handler));
byte[] ticket = ...;
handler.setBinarySecurityToken(
new KerberosBinarySecurityToken(ticket, KerberosValueType.KERBEROSV5_AP_REQ));
service.create(...)

C#: Invoking a service with Kerberos authentication

KerberosTokenHandler handler = new KerberosTokenHandler();
List<IEndpointBehavior> handlers = new List<IEndpointBehavior>();
handlers.Add(handler);
IObjectService service = ServiceFactory
.Instance.GetRemoteService<IObjectService>(..., contextRoot, handlers);
byte[] ticket = ...;
handler.SetBinarySecurityToken(
new KerberosBinarySecurityToken(ticket, KerberosValueType.GSS_KERBEROSV5_AP_REQ));
service.create(...);

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

情深已缘浅 2024-09-23 10:28:17

我刚刚为 .NET 解决了这个问题，并想与那些可能感兴趣的人分享。需要的是 WSE3 库。确保为 Kerberos 委派配置 DFS 服务帐户。

因此，需要做的是使用 Kerberos 令牌设置 KerberosTokenHandler。 KerberosBinarySecurityToken 来自 WSE3。代码看起来像这样：

KerberosTokenHandler kerberosTokenHandler = new KerberosTokenHandler();

String servicePrincipalName = “DFS/example66”;  // this is the service principal name for your DFS service account in Active Directory.
using (KerberosClientContext kerberosClientContext = new KerberosClientContext(servicePrincipalName, true, ImpersonationLevel.Delegation))
{
      KerberosBinarySecurityToken token = new KerberosBinarySecurityToken(kerberosClientContext.InitializeContext(), KerberosValueType.KERBEROSV5_AP_REQ);
      kerberosTokenHandlerandler.SetBinarySecurityToken(token);
}

I just figured this out for .NET and would like to share for those who maybe interested. What's needed is WSE3 library. Make sure to configure your DFS service account for Kerberos delegation.

So what need to do is set your KerberosTokenHandler with the Kerberos token. The KerberosBinarySecurityToken comes from WSE3. The code would look something like this:

KerberosTokenHandler kerberosTokenHandler = new KerberosTokenHandler();

String servicePrincipalName = “DFS/example66”;  // this is the service principal name for your DFS service account in Active Directory.
using (KerberosClientContext kerberosClientContext = new KerberosClientContext(servicePrincipalName, true, ImpersonationLevel.Delegation))
{
      KerberosBinarySecurityToken token = new KerberosBinarySecurityToken(kerberosClientContext.InitializeContext(), KerberosValueType.KERBEROSV5_AP_REQ);
      kerberosTokenHandlerandler.SetBinarySecurityToken(token);
}

回复收藏 0 原文

~没有更多了~