This package implements SPNEGO implementation for Hunchentoot.
- Author: Elias Martenson
- Email: firstname.lastname@example.org
The main dependency is on the package cl-gss, which uses is an FFI wrapper around the GSSAPI library.
First, make sure you have a keytab file that contains the service credentials for the principal
domain is the fully qualified domain name of the HTTP server.
Before starting the Hunchentoot server, register the keytab with GSSAPI using the following function:
Once this is done, every Hunchentoot handler function needs to be wrapped in a call to
SPNEGO-AUTH. Here is a simple example. Assuming the original content of the handler looked like this:
(defun handler-function () (setf (hunchentoot:content-type*) "text/plain") "You should be authenticated here")
When enabling single sign-on, the content should look like this:
(defun handler-function () (hunchentoot-single-signon:spnego-auth #'(lambda (name) (setf (hunchentoot:content-type*) "text/plain") "You should be authenticated here")))
The callback is called with an instance of
CL-GSS:NAME which can be used for authorisation. You can retrieve the name of the princpial using the function
CL-GSS:NAME-TO-STRING. Check the cl-gss package for further information.
- Elias Martenson <email@example.com>