Retrieving session key on service side
843810Feb 19 2008 — edited Sep 1 2010I have got most of my SOAP framework with kerberos going. The last part, however, is proving to be really difficult.
Basically, the SOAP message is signed at the client side using the session key in the service ticket. The GSS token is passed via the SOAP header, and on the server side an acceptSecContext() call is successfully made.
The trouble is that in order to verify the message signature I need to get the session key (which from reading the Kerberos spec) should have been in the GSS token that was passed to acceptSecContext(). However I cannot find any API methods for getting this session key on the server side, and the ticket and/or session key is not put into my Subject during the acceptSecContext() call - so I have no way of accessing this session key.
Does anyone know how to get the session key on the service side? Note that it is the client-service session key that is in the service ticket when it is first given to the client.