CAS 3.1 Spnego Support
Christoph Ohliger
ohliger at fh-rosenheim.de
Wed Sep 19 04:30:24 EDT 2007
Hi,
I am trying to implement authentication against a MIT Kerberos Domain
and have following errors. Hope anyone can give me a hint, the kinit
works with the credentials ,-)
regards
Christoph Ohliger
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
Acquire TGT using AS Exchange
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=xx.xx.xx.xx UDP:88, timeout=30000, number of
retries =3, #bytes=184
>>> KDCCommunication: kdc=xx.xx.xx.xx UDP:88, timeout=30000,Attempt =1,
#bytes=184
>>> KrbKdcReq send: #bytes read=608
>>> KrbKdcReq send: #bytes read=608
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/server.fh-rosenheim.de
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17.
principal is HTTP/server.fh-rosenheim.de at FH-ROSENHEIM.DE
EncryptionKey: keyType=3 keyBytes (hex dump)=0000: F7 19 37 38 89 1F E6 45
EncryptionKey: keyType=1 keyBytes (hex dump)=0000: F7 19 37 38 89 1F E6 45
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: AC 52 DE 04 0C 75 41
2C C1 B5 C6 A0 38 15 0D CB .R...uA,....8...
EncryptionKey: keyType=16 keyBytes (hex dump)=0000: 25 B9 2A 43 C7 FE 86
37 15 68 19 1F 80 AE 67 1A %.*C...7.h....g.
0010: C8 F2 94 B6 2A B9 8F 85
EncryptionKey: keyType=17 keyBytes (hex dump)=0000: E9 CE 8D C3 8C 16 5A
FB 75 11 5C 41 8A EC E7 F3 ......Z.u.\A....
Commit Succeeded
jcifs.spnego.AuthenticationException: Error performing Kerberos
authentication: java.lang.reflect.InvocationTargetException
at
jcifs.spnego.Authentication.processKerberos(Authentication.java:447)
at
jcifs.spnego.Authentication.processSpnego(Authentication.java:346)
at jcifs.spnego.Authentication.process(Authentication.java:235)
at
org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler.doAuthentication(JCIFSSpnegoAuthenticationHandler.java:56)
at
org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:58)
at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:84)
at
org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:383)
at
org.jasig.cas.web.flow.AbstractNonInteractiveCredentialsAction.doExecute(AbstractNonInteractiveCredentialsAction.java:79)
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
at
org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
at
org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
at org.springframework.webflow.engine.State.enter(State.java:200)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
at
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
at org.springframework.webflow.engine.State.enter(State.java:200)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
at
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:58)
at org.springframework.webflow.engine.State.enter(State.java:200)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
at
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:58)
at org.springframework.webflow.engine.State.enter(State.java:200)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:229)
at
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
at org.springframework.webflow.engine.State.enter(State.java:200)
at org.springframework.webflow.engine.Flow.start(Flow.java:557)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.start(RequestControlContextImpl.java:196)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:189)
at
org.springframework.webflow.executor.FlowExecutorImpl.launch(FlowExecutorImpl.java:206)
at
org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:131)
at
org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:430)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
jcifs.spnego.Authentication.processKerberos(Authentication.java:430)
... 69 more
Caused by: java.security.PrivilegedActionException:
java.lang.reflect.InvocationTargetException
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
... 74 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
jcifs.spnego.Authentication$ServerAction.run(Authentication.java:511)
... 76 more
Caused by: GSSException: No valid credentials provided (Mechanism level:
Failed to find any Kerberos Key)
at
sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:75)
at
sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:77)
at
sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at
sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:389)
at
sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:45)
at
sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
... 81 more
More information about the cas
mailing list