Skip to content

cloudfoundry-community/kerberos-auth-egress-wcf-client-interceptor

master
Switch branches/tags
Code
This branch is 7 commits ahead of alfusinigoj:master.
Contribute

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

PivotalServices.WcfClient.Kerberos.Interceptor

Build Status

NuGet MyGet

This package will add a Wcf client interceptor which will injects kerberos ticket for egress requests. This should be used together with the supply buildpack to make it fully functional

Below are the important developer instructions, to follow after installation of this package

  1. Add the supply buildpack from here in the CF manifest (preferably the latest release).

    IMPORTANT: Make sure the application is built/published with target platform x64

  2. Follow the readme to setup the sources for kerberos config and keytab files For kerberos config template, please here
  3. Set the correct client UPN in AppSettings with key ClientUserPrincipalName as below (this section will be already added by the package)
  <appSettings>
		<add key="ClientUserPrincipalName" value="client_username@domain" />
  </appSettings>
  1. Set ImpersonateClientUser to true if you need to impersonate the svc user with the client user account (this section will be already added by the package, default is false)
  <appSettings>
		<add key="ImpersonateClientUser" value="false" />
  </appSettings>
  1. Target service UPN has to be provided in the client/endpoint/identity configuration as in the sample below. If not, system will try to use the SPN host/foo.bar (based on the below sample)
  <system.serviceModel>
		<client>
		  <endpoint address="http://foo.bar/myservice.svc" 
					binding="basicHttpBinding" 
					bindingConfiguration="BasicHttpBinding" 
					contract="MyService.IService" 
					name="BasicHttpBinding_IService"
					behaviorConfiguration ="myIwaInterceptorBehavior">
					<identity>
						<userPrincipalName value="target_user@domain" />
					</identity>
		  </endpoint>
		</client>
	</system.serviceModel>
  1. To see debug logs, please set the log level to Debug or Trace, via environment variable PivotalIwaWcfClientInterceptor:LogLevel:Default
Notes
  1. Stable versions are available at www.nuget.org, nuget feed
  2. The dev/alpha packages are available at www.myget.org, myget feed
  3. The packages are still in beta version as it still depends on a beta version of GssKerberos package.

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages

  • C# 82.0%
  • PowerShell 9.8%
  • Shell 8.2%