Reputation: 864
Waffle SSPI how to set the SPNEGO mutualFlag
While trying to solve this problem we noticed a difference between the SPNEGO Requests (KRB_AP_REQ) from our GSSAPI and SSPI client implementations:
Using GSSPI the mutalFlag is set to False
Using SSPI the mutualFlag is set to True.
In our Java code calling GSSAPI we can explicitly set the flag to true or false as required, but I have found no way to do this using Waffle / SSPI.
Searching the Waffle code on Github for “mutual” gave only one hit: for the constant ISC_REQ_MUTUAL_AUTH
Is there a way to set the mutualFlag explicitly via Waffle / SSPI?
i.e. something equivalent to the GSSAPI code below:
GSSContext context = gssManager.createContext(serverName, mechOid, null, GSSContext.DEFAULT_LIFETIME);
context.requestMutualAuth(false);
Upvotes: 0
Views: 119
Answers (1)
Reputation: 18415
Although I do not recommend to disable mutual auth. Waffle abstraction is too high. We have the same issue: wanted to modify context flags. We had to modify source code and recompile. Raise an issue with Waffle and provide a PR at best.
Code on question is here: https://github.com/Waffle/waffle/blob/0c6f832222b59537847281adf7d2959583809dff/Source/JNA/waffle-jna/src/main/java/waffle/windows/auth/impl/WindowsSecurityContextImpl.java#L117-L119
Upvotes: 1
Related Questions
- How do people make Java SPNEGO client work in Windows?
- Configuring Tomcat SSO using Kerberos SPNEGO
- SPNEGO Authentication Works from a Custom Java Client, but NOT from a Web Browser
- Auto-login using SPNEGO Web SSO
- What is this Waffle SSO example doing
- Java SSO with using waffle in Tomcat
- SSO waffle asking username and password
- Windows logged on user SSO in Play Framework 2
- Kerberos/SPNEGO server side auth change in Java8
- Any code examples of SpnegoContextToken with Java client?