I had a question for you related to Windows authentication and SSO using the Kerberos functions of AD.
I'm trying to make a small piece of software Kerberos-compatible.
The service is a custom web server service, written in Java at the beginning (no Apache, no Tomcat, etc.: it's really quite a simple service that gives specific information).
It's so simple that we can consider it could be in any language: Delphi, VB.
I've tried to make it work SSO-like:
It uses SPNEGO (Kerberos), and listens on port 80.
To be more precise, I've already set up a clean config:
an AD server (W2K3) on computer "Main",
a host for my application on computer "SRV",
a client trying to connect to my service on that previously mentioned host.
Every computer is logged on to the AD network.
I've already created every config element (via use of SPN, ktab, etc.).
I got my keytab for my simple plain Java app, serving a dumb HTTP service.
When IE tries to connect to it, I respond with an HTTP 401 Authorization: Negotiate, so IE goes and gets a TGS from the AD
and sends it back to me as part of my header:
Authorization: Negotiate YIIFCQYGKwYBBQUCoIIE/TCCBPmgMDAuBgkqh..........
My question is this, my dear experts:
could you help me figure out what to do next?
I got a TGS (wrapped with SPNEGO in the HTTP header).
I got my service keytab.
What API is to be used to validate this AND get the user name?
How can I extract this krb5 token hidden there beneath the encoding?
The ultimate goal of this for me is (with the help of this Kerberos token IE gives me) to know who is using my service so I can send him accurate information directly (this is what they call SSO, right?).
All I want is to get this single piece of info: which account is requesting the service.
It doesn't matter if I have to do it in Java, C/C++ or VB.
Consider that I can pass the token to any native C/C++ or VB code to deal with it natively, but I found no SDK, library, etc. dealing with this subject.
Any help will be really appreciated.
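
An added example, not part of the original post: one way to validate the `Authorization: Negotiate` token against the service keytab and read the caller's account name, using the JGSS and JAAS classes that ship with the JDK. The class name, SPN, realm and keytab path are assumptions and must be replaced with the values registered for the service.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

public class SpnegoAcceptor {
    // Assumed placeholders: the SPN mapped to the service account and the keytab exported for it.
    static final String SPN = "HTTP/srv.example.test@EXAMPLE.TEST";
    static final String KEYTAB = "/path/to/service.keytab";

    // Returns the client principal (user@REALM), or null when no complete Negotiate token was sent.
    // A forged, expired or wrongly addressed ticket makes acceptSecContext throw: treat that as a failed login.
    static String authenticate(String authorizationHeader) throws Exception {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Negotiate ")) return null;
        byte[] token = Base64.getDecoder().decode(authorizationHeader.substring("Negotiate ".length()).trim());
        // Keytab-only service login (a real server does this once at startup, not per request).
        Map<String, String> opts = Map.of("useKeyTab", "true", "keyTab", KEYTAB,
                "principal", SPN, "storeKey", "true", "isInitiator", "false");
        Configuration conf = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        LoginContext lc = new LoginContext("service", null, null, conf);
        lc.login();
        // Run the GSS-API accept step with the service's keys from the keytab.
        return Subject.doAs(lc.getSubject(), (PrivilegedExceptionAction<String>) () -> {
            GSSManager mgr = GSSManager.getInstance();
            GSSCredential cred = mgr.createCredential(null, GSSCredential.INDEFINITE_LIFETIME,
                    new Oid("1.3.6.1.5.5.2"), GSSCredential.ACCEPT_ONLY); // SPNEGO mechanism OID
            GSSContext ctx = mgr.createContext(cred);
            try {
                ctx.acceptSecContext(token, 0, token.length); // unwraps SPNEGO, decrypts and checks the ticket
                return ctx.isEstablished() ? ctx.getSrcName().toString() : null;
            } finally {
                ctx.dispose();
            }
        });
    }
}
```

The account name is only trustworthy after `acceptSecContext` succeeds, because that is the step that decrypts the ticket with the service key; decoding the Base64 or parsing the ASN.1 alone proves nothing about who sent it.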