Use Windows SSPI API to generate kerberos ticket for JDBC SSO #441
Conversation
|
Thank you for your pull request and welcome to our community! To contribute, please sign the Oracle Contributor Agreement (OCA).
To sign the OCA, please create an Oracle account and sign the OCA in Oracle's Contributor Agreement Application. When signing the OCA, please provide your GitHub username. After signing the OCA and getting an OCA approval from Oracle, this PR will be automatically updated. If you are an Oracle employee, please make sure that you are a member of the main Oracle GitHub organization, and your membership in this organization is public. |
oracle-contributor-agreement
bot
added
the
OCA Required
ibre5041
changed the title
oracle-contributor-agreement
bot
added
OCA Verified
|
|
||
| // Activate SSPI bridge, your Kerberos token will be created using Windows SSPI API | ||
| System.setProperty("sun.security.jgss.native", "true"); | ||
| System.setProperty("sun.security.jgss.lib", "sspi_bridge.dll"); |
There was a problem hiding this comment.
According to JDK-8214079 there is no need to sun.security.jgss.lib as long as sun.security.jgss.native is set to true. Can you please doublecheck?
There was a problem hiding this comment.
I've commented out this line. As I recall it had to be used on JDK11 only.
| import oracle.net.ano.AnoServices; | ||
|
|
||
| public class GSSAuthSSPIConnectSample { | ||
| // This should return your AD LOGIN |
There was a problem hiding this comment.
Just for consistency with the other code samples: could you please use 2 space characters for indentation?
There was a problem hiding this comment.
I've reformated the source file.
This sample shows how to use SSO uging Kerberos in Windows.
Since WIN2019 allowtgtsessionkey registry key is not available
and the only option how to acces Kerberos TGT is via Java's SSPI bridge.
This example activates sspi_bridge.dll library in Java JDK and uses Windowd SSPI API to generate Kerberos ticket.