Kerberos client - KerberosRestTemplate not working


I'm trying to consume an API which authenticates with Kerberos. I have referred to the Spring documentation below related to KerberosRestTemplate (reference link). I'm passing the correct keytab file and the userPrincipal values as mentioned in the reference doc, but I'm still receiving a 401 from the server. However, when I execute the kinit command in the terminal, it receives a ticket from the KDC, and with that I'm able to execute the curl command and get a working response.

        KerberosRestTemplate kerberosRestTemplate = new KerberosRestTemplate("svc_dfsd.keytab", "[email protected]");
        String url="https://wexample.com:20550/aggr_subscriber_summary_hbase/03434809824";
        HttpHeaders headers = new HttpHeaders();
        headers.setAccept(Arrays.asList(MediaType.TEXT_XML));
        HttpEntity<String> entity = new HttpEntity<String>("parameters", headers);

        ResponseEntity<String> response = kerberosRestTemplate.exchange(url, HttpMethod.GET, entity, String.class);

Can you suggest a better approach to do this, or a way to fix this? All your comments are highly appreciated!

Answer by bedrin (best answer)

Troubleshooting Kerberos might be tricky since the errors are often misleading and the Java implementation does a lot of implicit actions (canonicalization of URLs, etc.).

I suggest trying the Kerb4J library, which allows you to generate the Kerberos token explicitly:

        SpnegoClient spnegoClient = SpnegoClient.loginWithKeyTab("[email protected]", "svc_dfsd.keytab");
        SpnegoContext context = spnegoClient.createContext("https://wexample.com"); // Will result in HTTP/wexample.com SPN

        RestTemplate restTemplate = new RestTemplate();
        String url = "https://wexample.com:20550/aggr_subscriber_summary_hbase/03434809824";
        HttpHeaders headers = new HttpHeaders();
        headers.setAccept(Arrays.asList(MediaType.TEXT_XML));
        headers.add("Authorization", context.createTokenAsAuthroizationHeader());
        HttpEntity<String> entity = new HttpEntity<String>("parameters", headers);

        ResponseEntity<String> response = restTemplate.exchange(url, HttpMethod.GET, entity, String.class);

If default SPN resolution works for you, you can also use SpnegoRestTemplate from Kerb4J:

        SpnegoClient spnegoClient = SpnegoClient.loginWithKeyTab("[email protected]", "svc_dfsd.keytab");

        SpnegoRestTemplate spnegoRestTemplate = new SpnegoRestTemplate(spnegoClient);
        String url = "https://wexample.com:20550/aggr_subscriber_summary_hbase/03434809824";
        HttpHeaders headers = new HttpHeaders();
        headers.setAccept(Arrays.asList(MediaType.TEXT_XML));
        HttpEntity<String> entity = new HttpEntity<String>("parameters", headers);

        ResponseEntity<String> response = spnegoRestTemplate.exchange(url, HttpMethod.GET, entity, String.class);

Disclaimer: I'm the author of Kerb4J
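
An added diagnostic example (not code from the question, the answer, or Kerb4J): it performs the keytab login and the request for an explicit `HTTP/<host>` SPN as two separate steps using only the JDK's JAAS and GSS-API classes, so a keytab or principal failure can be told apart from an SPN problem behind the 401. The class name `SpnegoTokenCheck` and the three command-line arguments are assumptions; it needs a reachable KDC and a valid krb5.conf.

```java
import com.sun.security.auth.module.Krb5LoginModule;
import org.ietf.jgss.*;
import javax.security.auth.Subject;
import javax.security.auth.login.*;
import java.security.PrivilegedExceptionAction;
import java.util.*;

public class SpnegoTokenCheck {
    public static void main(String[] args) throws Exception {
        // Placeholders (assumptions): your own principal, keytab path and service host.
        String principal = args[0], keytab = args[1], host = args[2];
        System.setProperty("sun.security.krb5.debug", "true"); // trace KDC exchanges on stdout

        // Step 1: the kinit equivalent. A wrong keytab or principal fails here with a
        // LoginException, before any HTTP request is made.
        Map<String, String> opts = new HashMap<>();
        opts.put("useKeyTab", "true");
        opts.put("keyTab", keytab);
        opts.put("principal", principal);
        opts.put("storeKey", "true");
        opts.put("doNotPrompt", "true");
        Configuration conf = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        Krb5LoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
        };
        LoginContext lc = new LoginContext("client", new Subject(), null, conf);
        lc.login();

        // Step 2: ask the KDC for a service ticket for the explicit SPN HTTP/<host>.
        // An SPN the KDC does not know fails here with a GSSException.
        String header = Subject.doAs(lc.getSubject(), (PrivilegedExceptionAction<String>) () -> {
            GSSManager mgr = GSSManager.getInstance();
            Oid spnego = new Oid("1.3.6.1.5.5.2"); // SPNEGO mechanism OID
            GSSName spn = mgr.createName("HTTP@" + host, GSSName.NT_HOSTBASED_SERVICE);
            GSSContext ctx = mgr.createContext(spn, spnego, null, GSSContext.DEFAULT_LIFETIME);
            try {
                byte[] token = ctx.initSecContext(new byte[0], 0, 0);
                return "Negotiate " + Base64.getEncoder().encodeToString(token);
            } finally {
                ctx.dispose();
            }
        });
        // The token is a credential: report its size, do not log its value.
        System.out.println("Authorization header built, " + header.length() + " chars");
    }
}
```

If both steps succeed and the server still answers 401, compare the SPN in the debug trace with the one the service is actually registered under.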