I need to implement Kerberos authentication and get AD user groups for the authenticated user. I am restricted to use Kerberos protocol only so I am not able to use LDAP queries to AD.
It looks like, Kerberos authentication could be implemented using Spring security, but retrieving groups is not so simple.
According to the How to retrieve group membership from a kerberos ticket? and Get AD Groups with kerberos ticket in Java, there is no native support in Java reading the PAC fields.
Update: it looks like there is PACdecoder in the http://jaaslounge.sourceforge.net/. Is there any spring-security antive solution to get roles or should I use external classes?