zenchild edited this page Dec 16, 2010 · 4 revisions

Ruby GSSAPI Library

This is a wrapper around the system GSSAPI library. It exposes low-level GSSAPI methods such as gss_init_sec_context and gss_wrap, and also provides an easier-to-use wrapper on top of them for common usage scenarios.

Getting Started

Most people will probably be using GSSAPI with Kerberos in a fairly standard way. There is a class called GSSAPI::Simple that provides an easy interface for writing clients and servers for both authentication and message integrity/confidentiality.

Example Authentication using GSSAPI::Simple

This example authenticates to an Exchange Web Services endpoint, but the target could be any GSSAPI/Kerberos-protected URL.

require 'httpclient'
require 'base64'
require 'gssapi'
uri = URI.parse "https://example.org/ews/Services.wsdl" # MS Exchange Web Services
service = 'HTTP'

cli = HTTPClient.new

gsscli = GSSAPI::Simple.new(uri.host, service)
# initiate the security context.  The output token needs to be sent to the remote server.
token = gsscli.init_context

# Send the output token as part of the Authorization header
ext_head = {"Authorization" => "Negotiate #{Base64.strict_encode64(token)}"}
resp = cli.get(uri, nil, ext_head)

# Get the response 'WWW-Authenticate' header for Negotiate. It will contain the token needed to
# finalize the security context.
itok = resp.header["WWW-Authenticate"].pop.split(/\s+/).last
gsscli.init_context(Base64.strict_decode64(itok))  # The context should now return true
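
The header parsing above takes the last WWW-Authenticate value and its last word, which goes wrong when a server sends several challenges or a bare "Negotiate" with no token. The following is an added example, not code from this wiki or the gssapi gem, that selects the Negotiate challenge explicitly and decodes it strictly; `NegotiateError`, `extract_negotiate_token` and the sample values are hypothetical names and constructed data.

```ruby
# Added example, not part of the gssapi gem. NegotiateError and
# extract_negotiate_token are hypothetical names chosen for this sketch.
class NegotiateError < StandardError; end

# Matches a Negotiate challenge at the start of a header value or after a
# comma, with an optional token: "Negotiate" [SP base64-token].
# Scheme names are case-insensitive.
NEGOTIATE_RE = /(?:\A|,\s*)Negotiate(?:\s+([^\s,]+))?\s*(?:,|\z)/i

# header_values: array of raw WWW-Authenticate values, as returned by
# HTTPClient's resp.header["WWW-Authenticate"].
# Returns the decoded token bytes, or nil for a bare "Negotiate" challenge.
# Raises NegotiateError if no Negotiate challenge is present or the token is
# not strict base64.
def extract_negotiate_token(header_values)
  match = Array(header_values).map { |v| NEGOTIATE_RE.match(v.to_s) }.compact.first
  raise NegotiateError, "no Negotiate challenge in WWW-Authenticate" unless match
  return nil if match[1].nil?

  begin
    # "m0" is strict base64 decoding, the same operation as Base64.strict_decode64.
    match[1].unpack1("m0")
  rescue ArgumentError
    raise NegotiateError, "Negotiate token is not valid base64"
  end
end

# Constructed sample: two header values with Negotiate first. Taking the last
# value would yield "NTLM", which happens to be valid base64 and would decode
# without error into three meaningless bytes.
SAMPLE_TOKEN   = "\x60\x82constructed-reply".b
SAMPLE_HEADERS = ["Negotiate #{[SAMPLE_TOKEN].pack('m0')}", "NTLM"].freeze

puts extract_negotiate_token(SAMPLE_HEADERS) == SAMPLE_TOKEN
```

A nil return means the server sent no token, so there is nothing to pass to the second `init_context` call and the caller should treat the exchange as incomplete rather than proceed.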