Topic
1 reply Latest Post - ‏2012-10-29T16:11:29Z by SystemAdmin
SystemAdmin
SystemAdmin
6772 Posts
ACCEPTED ANSWER

Pinned topic Kerberus double hop in windows using DataPower

‏2012-10-28T09:25:13Z |
Hi

I'm trying to do a simple double hop in through DataPower

I have a console application calling a web service A through DataPower and service A calling web service B.

I create keytub in AD and DataPower put the ticket in the request.

Web service A is a Microsoft .net 2.0 web service and host in IIS 6.0 on a 2003 windows server.
Web service B is also a Microsoft .net 2.0 web service and host in other IIS 6.0 on a 2003 windows server.
The Console application is Microsoft .net 2.0

I want to see the original user (Which come from DataPower) in service B.

Unfortunately, when service A calling service B I'm getting 401 error.

If I'm not going through DataPower and do the same scenario, it work.
After using Wireshark sniffer its seems the ticket which goes from service A to B doesn't contain the Forwardable flag.
I'll really appreciate any idea.
Updated on 2012-10-29T16:11:29Z at 2012-10-29T16:11:29Z by SystemAdmin
  • SystemAdmin
    SystemAdmin
    6772 Posts
    ACCEPTED ANSWER

    Re: Kerberus double hop in windows using DataPower

    ‏2012-10-29T16:11:29Z  in response to SystemAdmin
    Is anyone have any experience with kerberos double hop and Datapower?