Questions tagged [spnego]

Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO) is a GSSAPI "pseudo mechanism" used by client-server software to negotiate the choice of security technology. SPNEGO is used when a client application wants to authenticate to a remote server, but neither end is sure what authentication protocols the other supports.

The pseudo-mechanism uses a protocol to determine what common GSSAPI mechanisms are available, selects one and then dispatches all further security operations to it. This can help organizations deploy new security mechanisms in a phased manner.

SPNEGO was originally drafted in 1996 and finalized in 1998 as RFC-2478. In 2005, RFC-2478 was obsoleted by the publication of RFC-4178.

2 questions
1 vote, 1 answer

Is there any existing attempted implementation of GSS-API/SPNEGO/GSS-SPNEGO for anything other than Kerberos / NTLM?

I'm aware that SPNEGO is de-facto only used in the wild for Kerberos or NTLM. Is there any research / academic / educational example on how it can be also used for other mechanisms as well?
Eran Medan
0 votes, 2 answers

How to prevent CSRF attacks on a REST API when using Windows Authentication

I have an Angular web app that interacts with a REST-API. Requests are authenticated with a JWT Bearer token. I now want to add support for Windows-Authentication. My current plan is to add a POST-Endpoint /token to the REST-API, which accepts…
webbertee