PZim 0 Posted February 26, 2019 Hello, Actually we have an application writen with Delphi 2006, that makes several requests HTTP, in an active directory environment. We want to change the protocol from NTLM authentication to Kerberos. Based on the documentation provided, we can use the component TRestOAuth to obtain a authentication token. (Kerberos) We can read in the documentation : (http://wiki.overbyte.eu/wiki/index.php/FAQ_Using_TRestOAuth) 'The preferred authorization method is for the native application to launch the standard browser and redirect to localhost where a small web server runs to capture the Authorization Code. That is how TRestOAuth works, transparently to the user, capturing the Authorization Code and using it for a token grant to get an Access Token.' We are looking for an example of how to implement a authentication Kerberos. As we understand the explanation from your documentation, we must also install a small web server onto the client post. In this way, do we use a solution like keycloak ? https://www.keycloak.org/ Thanks for your help Share this post Link to post
Angus Robertson 577 Posted February 26, 2019 I know nothing about Kerberos, never knowingly used it. I don't believe it has any connection to OAuth, except they both end up with an access token from an authentication server. But since Windows uses Kerberos, I assume it can be used unattended without user interaction, which is not the case with OAUth which is designed for interactive web applications. So I doubt the TRestOAuth component will be much use in implementing Kerberos, although our OpenSSL implementation should handle encryption. For Windows applications, I would assume there are API calls that will handle Kerberos in the same way that NTLM authentication is handled, but again I've never look at that and have no plans to do so. Angus Share this post Link to post
FPiette 385 Posted February 26, 2019 This is the reference document describing the HTPP authentication using Kerberos : https://tools.ietf.org/html/rfc4559 This document https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/understanding-http-authentication will help understand how it works. Everything could probably be implemented in HTTP client component. François Piette Share this post Link to post