public class GSSCredentialsClient
extends Object
Sample client able to authenticate against ApacheDS LDAP server with Krb5 GSS Credential.
Credential was previously retrieved from SPNEGO authentication against Keycloak auth-server and transmitted from
Keycloak to the application in OIDC access token
We can use GSSCredential to further GSS API calls . Note that if you will use GSS API directly, you can
attach GSSCredential when creating GSSContext like this:
GSSContext context = gssManager.createContext(serviceName, KerberosSerializationUtils.KRB5_OID, deserializedGssCredential, GSSContext.DEFAULT_LIFETIME);
In this example we authenticate against LDAP server, which calls GSS API under the hood when credential is attached to env under Sasl.CREDENTIALS key
- Author:
- Marek Posolda