Client1 interacts with Service1 which in turn interacts with Service 2. The
interaction with Service 2 should happen on behalf of Client1.
Authentication being used here is kerberos, and I have few issues in
explicitly setting the requestCredDelegation(true) on the client side. I
thought S4U2 self + S4U2 Proxy kerberos extensions could solve the issue.
These are the things I have done:
a) In the AD, On the Service1 account, enabled trusted delegation for
b) In my Service1 java code, after the client <-> Server connection is
established: 1) I create the server credentials: serverCreds =
manager.createCredential(null, GSSCredential.DEFAULT_LIFETIME, krb5Oid,
2). Create the GSSName corresponding to the client GSSName other =
manager.createName(XXX, GSSName.NT_USER_NAME, krb5Oid);
I get an error of No Valid credentials found.
I have created a Subject from the impersonated Credentials and try to run a
privileged Action, but similar error shows up, no service ticket found in
I see that when a subject is created by passing in the Credentials,
Krb5ProxyCredential is being ignored,