WS-Security and GSS-API: How do I get the session key?

Michael B Allen ioplex at
Fri Mar 6 15:54:21 EST 2009

On Thu, Mar 5, 2009 at 9:29 PM,  < at> wrote:
> Hi Luke
> On Feb 24, 9:36 pm, Luke Howard <lu... at> wrote:
>> > I don't recall offhand if there's been an IETF draft proposing the
>> > specific extension we've got for extracting the session key.
>>    major = gss_inquire_sec_context_by_oid(&minor,
>>                                          ctx,
>>                                          GSS_C_INQ_SSPI_SESSION_KEY,
>>                                          &skey);
> Cool, we (Java SE Team at Sun) are also preparing to add a new method
> getSessionKey() to OpenJDK's JGSS-API for Java EE needs.

I think it would be better to have a GSSContext method that could
return an Object that is specific to the OID supplied. For example, in
the case of the session key, it would return a byte[] array like:

  Oid sspiSessionKeyOid = new Oid("1.2.840.113554.");
  byte[] sessionKey = (byte[])ctx.inquireSecContextByOid(sspiSessionKeyOid);

Otherwise you're going to end up just adding more methods in an
already overwhelming API.


Michael B Allen
Java Active Directory Integration

More information about the Kerberos mailing list