Stack Overflow
Stack Overflow

Questions tagged [kerberos-delegation]

Kerberos Delegation is a feature that allows an application to reuse the end-user credentials to access resources hosted on a different server

Kerberos Delegation is a feature that allows an application to reuse the end-user credentials to access resources hosted on a different server. A common example is a web server passing the credentials of the client user to a database server behind it. Without Kerberos delegation in place, the client user credentials cannot be passed to the database server.

126 questions
1
vote
2 answers

Keycloak GSS Credential delegation when browser not in AD Domain

I have a Web App that uses Keycloak/OpenID Connect to authenticate a user to an Windows AD. Users will not be using a browser on a workstation in the Windows AD domain. The Web App server (Tomcat with Keycloak adapter) is running in the Windows AD…
Christopher Smith
  • 197
  • 1
  • 18
1
vote
1 answer

support kerberos constrained delegation using SSPI for multiprocess

I need to support Kerberos constrained delegation for our C++ HTTP server product on Windows using SSPI. For a single process server, the follow workflow can be used and I have a working prototype. 1) Call AcquireCredentialsHandle 2) Call…
user10193831
  • 13
  • 4
1
vote
1 answer

Setting up Kerberos 2 hop authentication between Web App and API

I am using Windows Server 2018, IIS 10 and my web application targets .Net Framework 4.5.1. My API, I built using .Net Core 2.1 and Visual Studio 2017. Both the website and the API use windows authentication. I used this person's tutorial to try and…
Ryan Wilson
  • 10,223
  • 2
  • 21
  • 40
1
vote
1 answer

Switching application to use Constraint based kerberos

I have an old application that we setup with delegation based kerberos. Everything with the application worked fine till we tried it out on one of our new Windows 10 machines. After awhile, we finally figured out that Credential guard is not playing…
Lareau
  • 1,982
  • 1
  • 26
  • 47
1
vote
1 answer

How to implement single sign-on using kerberos authentication in azure active directory

Using Azure Active Directory When i am applying single sign on for my web application i am able to do the Password-based single sign-on successfully. But when i am doing with Integrated Windows Authentication(for kerberos authentication mainly), i…
Sunil Sunny
  • 531
  • 7
  • 30
1
vote
0 answers

KerbRetrieveEncodedTicketMessage failing with constrained delegation

We are using LsaCallAuthenticationPackage with KERB_RETRIEVE_TKT_REQUEST of type KerbRetrieveEncodedTicketMessage. We impersonate a Windows identity and then use LsaCallAuthenticationPackage to get the tickets. We are able to retrieve tickets (tgt…
mlg
  • 101
  • 2
  • 8
1
vote
0 answers

Spark job error: Failed to renew token: Kind: TIMELINE_DELEGATION_TOKEN

I am submitting a spark with that would write to Kerborized cluster with following command. I didn't add any code in the spark program to enable authentication etc stuff. I just passed principal and keytab with spark-submit. But i am getting 'Failed…
AKC
  • 953
  • 4
  • 17
  • 46
1
vote
0 answers

Calling AcquireCredentialsHandle after ImpersonateSecurityContext returns no credentials

I am writing a server supporting Kerberos which needs to accept delegated credentials from a client, impersonate that client, and perform another kerberos conversation with a remote server acting as the client. Currently, the server completes the…
Craig Wilson
  • 12,174
  • 3
  • 41
  • 45
1
vote
0 answers

how can I access the value of a service ticket from kerberos cache?

I'm trying to debug an issue in kerberos configuration. I generated a service ticket using the kgetcred utility. I'd like to access the value of the service ticket so that I can put it into the Authorization header of a request to the protected…
Will Munn
  • 7,363
  • 4
  • 27
  • 32
1
vote
0 answers

kerberos kinit gives java.lang.NullPointerException on Windows server 12

When I run kinit command on windows server 2012 it gives null pointer error. please give me any solution. D:\Junk_Folder>kinit user Password for user@DOMAIN.COM: Exception: java.lang.NullPointerException java.lang.NullPointerException at…
rj27
  • 89
  • 1
  • 9
1
vote
1 answer

Kerberos authentication issue : Site stops working automatically after some time

There is a website set to run on windows authentication. There are 3 web applications under the site, each on their own application pool, but with the same domain account. ASP.NET impersonation, Use App Pool credentials, Use Kernel mode…
Baskar Lingam Ramachandran
  • 617
  • 9
  • 25
1
vote
0 answers

How to delegate the kerberos client credentials to the server?

It's possible to get a service ticket for the client (remote user) in the server side in order to use that ticket to authenticate against another backend? Scenario: User (IE) ==> AppServer (Websphere, under Linux) ==> Backend (webservice) We have…
Alejandro Caride
  • 241
  • 3
  • 13
1
vote
1 answer

Kerberos double hop issue with ASP.NET web application to sharepoint

I need your help with a Kerberos double hop issue I have... After reading many posts online on the topic, I still cannot understand what is wrong is my setup. Here is the setup I use: Client PC Web server hosting a simple ASMX web service Web…
TrustNo_1
  • 51
  • 7
1
vote
1 answer

WSO2 IS login with Radius / Kerberos

The picture bellow shows the architecture that I need to deploy, and it explains my problem. I already designed a sub system that contains a set of applications (web services, web applications) deployed in apache tomcat. To provide the SSO…
user2602584
  • 737
  • 2
  • 7
  • 25
1
vote
1 answer

Kerberos Delegation (Double-Hop) with pymssql

The pymssql module claims to support Kerberos Authentication (and delegation) and yet I can't seem to enable it. The client I am running is on Windows. I need to connect with a double-hop through a reverse database proxy. The client, the proxy, and…
Inbar Rose
  • 41,843
  • 24
  • 85
  • 131
1 2 3
8 9