Java Client accessing .NET Web Service and Kerberos Delegation withAD
we are running a .NET web service which uses Kerberos delegation to
access a backend service on behalf of the client's security context.
We have no problem with .NET client applications or IE accessing the web
service, but in case of a Java app acting as client, delegation fails.
The Java app correctly requests a TGT from the Win 2003 Active Directory
and then requests and gets a valid service ticket to access the .NET web
service. After that, the web service does a programmatically
impersonation before making a ADSI/LDAP bind to the AD. This
impersonation fails in case of a Java application.
- Java 6 application on Windows
- IIS 6
- ASP.NET 2.0 Web Service
- Windows Server 2003 Active Directory Domain Controller (LDAP)
Did anyone implemented a similar environment and may help me to find a
solution? I can post configuration files, log files and network traces.