Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] How to support both client-auth and Kerberos from the same HTTPS servlet?

Hi, what is the best way to support both client-cert based authentication and Kerberos over HTTPS in Java please? I figured how to do so for either. For client-cert, it's transport layer auth and the server-side would call setWantClientAuth(true). For Kerberos (SPNEGO), I can use an HTTP Authorization header to flow the token. The client can choose any scheme to talk to the HTTPS service. Is there a standard way to do so? Does it make sense to use WWW-Authenticate HTTP header to challenge the client to use either of the two schemes? Thanks!

Back to the top