This package will add a Wcf client interceptor which will injects kerberos ticket for egress requests. This should be used together with the supply buildpack to make it fully functional
- Add the supply buildpack from here in the CF manifest (preferably the latest release).
IMPORTANT: Make sure the application is built/published with target platform
x64 - Follow the readme to setup the sources for kerberos config and keytab files For kerberos config template, please here
- Set the correct client UPN in AppSettings with key
ClientUserPrincipalNameas below (this section will be already added by the package)
<appSettings>
<add key="ClientUserPrincipalName" value="client_username@domain" />
</appSettings>- Set
ImpersonateClientUsertotrueif you need to impersonate the svc user with the client user account (this section will be already added by the package, default isfalse)
<appSettings>
<add key="ImpersonateClientUser" value="false" />
</appSettings>- Target service UPN has to be provided in the client/endpoint/identity configuration as in the sample below. If not, system will try to use the SPN
host/foo.bar(based on the below sample)
<system.serviceModel>
<client>
<endpoint address="http://foo.bar/myservice.svc"
binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding"
contract="MyService.IService"
name="BasicHttpBinding_IService"
behaviorConfiguration ="myIwaInterceptorBehavior">
<identity>
<userPrincipalName value="target_user@domain" />
</identity>
</endpoint>
</client>
</system.serviceModel>- To see debug logs, please set the log level to
DebugorTrace, via environment variablePivotalIwaWcfClientInterceptor:LogLevel:Default
- Stable versions are available at www.nuget.org, nuget feed
- The dev/alpha packages are available at www.myget.org, myget feed
- The packages are still in beta version as it still depends on a beta version of GssKerberos package.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent