Android authenticating with Kerberos

Posted by: admin May 14, 2020

Questions:

I am trying to create an Android application that uses an existing web service. However, the existing web service uses Kerberos for authentication, and I am having trouble getting Android, using the android-xmlrpc library, to authenticate with the service. If anyone has any experience with this, please respond.

I am completely new to this kind of stuff, so any advice would be greatly appreciated!

Thanks,
Dave

Answer:

The information here helped me to get my Android app working with Kerberos. Here’s a link to a project I’m working on. It does Kerberos authentication. Here’s the pertinent code:

// Register the username/password for the server's auth scope on the shared client.
UsernamePasswordCredentials creds =
  new UsernamePasswordCredentials(username, password);
DefaultHttpClient client = getHttpClient();
client.getCredentialsProvider().setCredentials(SERVER_AUTH_SCOPE, creds);

boolean authWorked = false;
try {
  // Request the protected URI, then look for the session cookie in the client's store.
  HttpGet get = new HttpGet(AUTH_URI);
  HttpResponse resp = client.execute(get);
  authWorked = hasValidCookie();
}
/*catch(AuthenticationException e){
Log.e("TAG", "Auth exceptions");
//TODO maybe do something?
}*/
catch (IOException e) {
  // Pass the exception to the logger so the stack trace is recorded.
  Log.e("TAG", "IOException exceptions", e);
  //TODO maybe do something?
}

Here’s the getHttpClient() method:

// Shared client instance, created on first use.
private static DefaultHttpClient httpClient;

// REGISTRATION_TIMEOUT (milliseconds) is defined elsewhere in the project.
public static DefaultHttpClient getHttpClient() {
  if (httpClient == null) {
    httpClient = new DefaultHttpClient();
    final HttpParams params = httpClient.getParams();
    HttpConnectionParams.setConnectionTimeout(params, REGISTRATION_TIMEOUT);
    HttpConnectionParams.setSoTimeout(params, REGISTRATION_TIMEOUT);
    ConnManagerParams.setTimeout(params, REGISTRATION_TIMEOUT);
  }
  return httpClient;
}

Here’s hasValidCookie():

private static final String LOGIN_COOKIE_NAME = "CGISESSID";
private static boolean hasValidCookie(){
  for(Cookie cookie: getHttpClient().getCookieStore().getCookies()){
    if(cookie.getName().equals(LOGIN_COOKIE_NAME))
    {
      return true;
    }
  }
  return false;
}
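
The answer above treats the presence of a CGISESSID cookie in the shared client's store as proof that the login worked. The following is an added example, not code from the original answer or its project, of a stricter check that also rejects a cookie that has expired since it was stored, lacks the Secure flag, or was set for a different host. The class name, the `EXPECTED_DOMAIN` placeholder, the HTTPS-only assumption and the sample cookies are assumptions made for the illustration.

```java
import java.util.Date;
import org.apache.http.client.CookieStore;
import org.apache.http.cookie.Cookie;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.cookie.BasicClientCookie;

// Hypothetical class; uses the same Apache HttpClient 4.x API as the answer.
public class SessionCookieCheck {
    private static final String LOGIN_COOKIE_NAME = "CGISESSID"; // from the answer
    // Assumption: placeholder for the host the session cookie must belong to.
    private static final String EXPECTED_DOMAIN = "service.example.com";

    // True only for a non-empty, unexpired, Secure cookie scoped to the expected host.
    static boolean hasValidCookie(CookieStore store, Date now) {
        for (Cookie c : store.getCookies()) {
            if (!LOGIN_COOKIE_NAME.equals(c.getName())) continue;
            String value = c.getValue();
            if (value == null || value.isEmpty()) continue;   // blank session id
            if (c.isExpired(now)) continue;                   // left over from an earlier login
            if (!c.isSecure()) continue;                      // assumption: service is HTTPS-only
            if (!EXPECTED_DOMAIN.equalsIgnoreCase(c.getDomain())) continue; // other host
            return true;
        }
        return false;
    }

    // Builds a constructed sample store holding one session cookie.
    private static CookieStore storeWith(String domain, boolean secure, Date expiry) {
        BasicClientCookie c = new BasicClientCookie(LOGIN_COOKIE_NAME, "constructed-session-id");
        c.setDomain(domain);
        c.setSecure(secure);
        c.setExpiryDate(expiry);
        BasicCookieStore store = new BasicCookieStore();
        store.addCookie(c);
        return store;
    }

    public static void main(String[] args) {
        Date now = new Date();
        Date inOneHour = new Date(now.getTime() + 3600000L);
        Date inTwoHours = new Date(now.getTime() + 7200000L);

        CookieStore good = storeWith(EXPECTED_DOMAIN, true, inOneHour);
        System.out.println("fresh cookie:      " + hasValidCookie(good, now));
        // Same store checked after the expiry time: the cookie is still stored but stale.
        System.out.println("checked too late:  " + hasValidCookie(good, inTwoHours));
        System.out.println("no Secure flag:    "
            + hasValidCookie(storeWith(EXPECTED_DOMAIN, false, inOneHour), now));
        System.out.println("other host:        "
            + hasValidCookie(storeWith("other.example.com", true, inOneHour), now));
    }
}
```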

Answer:

There is Hypergate (hypergate.com), which is a Kerberos client for Android that allows other apps to request tickets. It’s using the standard Android API, which means that WebViews and most browsers work without any code changes. There is an SDK that allows you to integrate easily, which will manage the tickets for you.

Disclaimer: I’m an engineer at Hypergate