CODEWITHSUNDEEP
androidkerberosxml-rpc
jrmints
jrmints

Reputation: 151

Android authenticating with Kerberos

I am trying to create a Android application that uses an existing web service. However, the existing web service uses Kerberos for authentication and I am having trouble getting Android using the android-xmlrpc library to authenticate with the service. If anyone has any experience with this, please respond.

I am completely new to this kind of stuff, so any advice would be greatly appreciated!

Thanks, Dave

Upvotes: 13

Views: 12856

Answers (2)

Papers.ch
Papers.ch

Reputation: 128

There is Hypergate (hypergate.com) which is a Kerberos client for Android allowing other apps to request tickets. It's using the standard Android API, which means that WebView's and most Browsers work without any code changes. There is an SDK that allows you to integrate easily, which will manage the tickets for you.

Disclaimer: I'm an engineer at Hypergate

Upvotes: 1

Kurtis Nusbaum
Kurtis Nusbaum

Reputation: 30825

The information here helped me to get my android app working with kerberos. Here's a link to a project I'm working on. It does kerberos authentication. Here's the pertinent code:

UsernamePasswordCredentials creds =
  new UsernamePasswordCredentials(username, password);
DefaultHttpClient client = getHttpClient();
client.getCredentialsProvider().setCredentials(SERVER_AUTH_SCOPE, creds);

boolean authWorked = false;
try{
  HttpGet get = new HttpGet(AUTH_URI);
  HttpResponse resp = client.execute(get);
  authWorked = hasValidCookie();
}
/*catch(AuthenticationException e){
Log.e("TAG", "Auth exceptions");
//TODO maybe do something?
}*/
catch(IOException e){
  Log.e("TAG", "IOException exceptions");
  //TODO maybe do something?
}

Here's the getHttpClient() method:

  public static DefaultHttpClient getHttpClient(){
    if(httpClient == null){
      httpClient = new DefaultHttpClient();
      final HttpParams params = httpClient.getParams();
      HttpConnectionParams.setConnectionTimeout(params, REGISTRATION_TIMEOUT);
      HttpConnectionParams.setSoTimeout(params, REGISTRATION_TIMEOUT);
      ConnManagerParams.setTimeout(params, REGISTRATION_TIMEOUT);
    }
    return httpClient;
  }

Here's hasValidCookie()

private static final String LOGIN_COOKIE_NAME = "CGISESSID";
private static boolean hasValidCookie(){
  for(Cookie cookie: getHttpClient().getCookieStore().getCookies()){
    if(cookie.getName().equals(LOGIN_COOKIE_NAME))
    {
      return true;
    }
  }
  return false;
}

Upvotes: 2

Related Questions