ManufakturIT GmbH    |  +49 (0)2202 1882273   |



Here you will find some of our tools available for your free use.

Kerberos: NegotiateProxy

December 2014

If you want to test web services against a Kerberos server, or if you have to kerberize an existing GUI application, you can now use the reverse proxy “NegotiateProxy” free of charge…

In order to be able to use Kerberos with the utmost efficiency in a corporation, the GUI applications need to be “kerberized”. This means the following: All client applications must be able to request Kerberos tickets from the Windows Domain Controller and pass them on to the service backend. In the specialized environment of web services, Kerberos is deployed on the base of the standard SPNEGO, i.e. a Kerberos ticket is transferred in the form of a HTTP header to the service backend (“Authorization: Negotiate <Base64-encoded Kerberos Ticket>”).

Classical test tools like soapUI and JMeter support Kerberos/SPNEGO by default now. However, you need to conduct some configurations at the client which require admin rights in certain cases since the kerberized service requests do not happen in an entirely transparent way.


If you have to test web services against a Kerberos server, or if you have to kerberize an existing GUI application, you should use a Kerberized Reverse Proxy which takes the application's service requests, requests Kerberos tickets from the Domain Controller and transfers them automatically as SPNEGO conform HTTP header to the Backend. The tool “NegotiateProxy” is such a Reverse Proxy and is now at your disposal!


NegotiateProxy is a Reverse Proxy which conducts the SPNEGO/Kerberos communication without the user or application taking notice. This tool is applied in cases in which web services have to be set apart from kerberized service backends while the client applications themselves are not able to use Kerberos.

The standards SPNEGO, GSS-API and Kerberos respectively of the RfCs 4559, 2478, 4178 can be extracted from this link.

NegotiateProxy extends a non-Kerberized application with the feature “SPNEGO/Kerberos”: The proxy is started on the client computer and put on the kerberized backend provided with a forwarding/transmission order. The (non-kerberized) client application will then request its web services against the local reverse proxy and not against the actual service backend. The proxy will operate as a “Man-in-the-Middle” and take over the entire handling of the Kerberos tickets and SPNEGO header.

          Client                          Server
        +----------+                             +----------+
        |          |                             |          |
        |          |                             |          |
 +------+---- App. |                             |  App.    |
 |local |          |Negotiate         Kerberized |    ^     |
 |host  |          |  Proxy             Service  |    |     |
 +------+-->6268---|---------> Network --------> |---443    |
        |          |  [SSL]               SSL    |          |
        |          | [X.509]             X.509   |          |
        +----------+                             +----------+

In contrast to different proxy solutions, the NegotiateProxy does not have to be installed and can simply be selected via the prompt.




Crypto Library

January 2013

Secure programming requires the use of cryptographic algorithms. In order to create a better understanding for the application of cryptographic algorithms, we provide you with a free framework and a demonstration application under GPLv3.


The Crypto Library is a library on the basis of .NET 2.0, which enables a very simple use of cryptographic algorithms. Simply embed the library into your project and encourage your developers to use secure algorithms.


The demonstration application, which is supplied together with the library, displays the use of Crypto Library. Use this application for demonstration and awareness purposes!





February 2012

ChecksumValidation is a library for validating international bank account numbers (IBAN), credit cards, identification cards, passports as well as German bank details.

The validation is carried out through computing check sums.


Checksum algorithms for German bank details are published by the German Federal Reserve (Bundesbank).


In sum, ChecksumValidation implements roughly 150 algorithms. The software may be used free of charge via the license GNU GPLv3.

ChecksumValidation was implemented on the basis of Microsoft .NET 2.0 and consists of:


  • ChecksumValidation: a class library (DLL) for In-Process-Use

  • ChecksumSoapServer: a SOAP interface

  • ChecksumTcpServer: a TCP interface, which implements a domain specific language (DSL)

  • ChecksumComServer: a COM interface

  • ChecksumClient: a test application

  • ChecksumUnitTest: a unit test with 100% test coverage

  • ChecksumUtility: a command line tool for auxiliary functions





Please reload