Skip to content
No description, website, or topics provided.
C# PowerShell Shell
Branch: master
Clone or download
Pull request Compare This branch is 7 commits ahead of alfusinigoj:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
build
src/RouteServiceIwaWcfInterceptor
.gitignore
.nuke
GitVersion.yml
LICENSE
M.rtf
README.md
Wcf.Interceptor.Module.sln
azure-pipelines.yml
build.ps1
build.sh

README.md

PivotalServices.WcfClient.Kerberos.Interceptor

Build Status

NuGet MyGet

This package will add a Wcf client interceptor which will injects kerberos ticket for egress requests. This should be used together with the supply buildpack to make it fully functional

Below are the important developer instructions, to follow after installation of this package

  1. Add the supply buildpack from here in the CF manifest (preferably the latest release).

    IMPORTANT: Make sure the application is built/published with target platform x64

  2. Follow the readme to setup the sources for kerberos config and keytab files For kerberos config template, please here
  3. Set the correct client UPN in AppSettings with key ClientUserPrincipalName as below (this section will be already added by the package)
  <appSettings>
		<add key="ClientUserPrincipalName" value="client_username@domain" />
  </appSettings>
  1. Set ImpersonateClientUser to true if you need to impersonate the svc user with the client user account (this section will be already added by the package, default is false)
  <appSettings>
		<add key="ImpersonateClientUser" value="false" />
  </appSettings>
  1. Target service UPN has to be provided in the client/endpoint/identity configuration as in the sample below. If not, system will try to use the SPN host/foo.bar (based on the below sample)
  <system.serviceModel>
		<client>
		  <endpoint address="http://foo.bar/myservice.svc" 
					binding="basicHttpBinding" 
					bindingConfiguration="BasicHttpBinding" 
					contract="MyService.IService" 
					name="BasicHttpBinding_IService"
					behaviorConfiguration ="myIwaInterceptorBehavior">
					<identity>
						<userPrincipalName value="target_user@domain" />
					</identity>
		  </endpoint>
		</client>
	</system.serviceModel>
  1. To see debug logs, please set the log level to Debug or Trace, via environment variable PivotalIwaWcfClientInterceptor:LogLevel:Default
Notes
  1. Stable versions are available at www.nuget.org, nuget feed
  2. The dev/alpha packages are available at www.myget.org, myget feed
  3. The packages are still in beta version as it still depends on a beta version of GssKerberos package.
You can’t perform that action at this time.