CAS 3.1 Spnego Support
Scott Battaglia
scott.battaglia at gmail.com
Thu Sep 20 09:43:39 EDT 2007
According to the stack trace:
GSSException: No valid credentials provided (Mechanism level:
Failed to find any Kerberos Key)
I don't know much about Kerberos so I'm not much help beyond finding
exceptions in the stack trace. There are a couple of developers who do
though (they're the one's that wrote the SPNEGO support) so hopefully
they'll see this and respond.
-Scott
On 9/19/07, Christoph Ohliger <ohliger at fh-rosenheim.de> wrote:
>
> Hi,
>
> I am trying to implement authentication against a MIT Kerberos Domain
> and have following errors. Hope anyone can give me a hint, the kinit
> works with the credentials ,-)
>
> regards
> Christoph Ohliger
>
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 3 1 23 16 17.
> Acquire TGT using AS Exchange
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 3 1 23 16 17.
> >>> KrbAsReq calling createMessage
> >>> KrbAsReq in createMessage
> >>> KrbKdcReq send: kdc=xx.xx.xx.xx UDP:88, timeout=30000, number of
> retries =3, #bytes=184
> >>> KDCCommunication: kdc=xx.xx.xx.xx UDP:88, timeout=30000,Attempt =1,
> #bytes=184
> >>> KrbKdcReq send: #bytes read=608
> >>> KrbKdcReq send: #bytes read=608
> >>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
> >>> KrbAsRep cons in KrbAsReq.getReply HTTP/server.fh-rosenheim.de
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 3 1 23 16 17.
> principal is HTTP/server.fh-rosenheim.de at FH-ROSENHEIM.DE
> EncryptionKey: keyType=3 keyBytes (hex dump)=0000: F7 19 37 38 89 1F E6 45
> EncryptionKey: keyType=1 keyBytes (hex dump)=0000: F7 19 37 38 89 1F E6 45
> EncryptionKey: keyType=23 keyBytes (hex dump)=0000: AC 52 DE 04 0C 75 41
> 2C C1 B5 C6 A0 38 15 0D CB .R...uA,....8...
>
> EncryptionKey: keyType=16 keyBytes (hex dump)=0000: 25 B9 2A 43 C7 FE 86
> 37 15 68 19 1F 80 AE 67 1A %.*C...7.h....g.
> 0010: C8 F2 94 B6 2A B9 8F 85
> EncryptionKey: keyType=17 keyBytes (hex dump)=0000: E9 CE 8D C3 8C 16 5A
> FB 75 11 5C 41 8A EC E7 F3 ......Z.u.\A....
>
> Commit Succeeded
>
> jcifs.spnego.AuthenticationException: Error performing Kerberos
> authentication: java.lang.reflect.InvocationTargetException
> at
> jcifs.spnego.Authentication.processKerberos(Authentication.java:447)
> at
> jcifs.spnego.Authentication.processSpnego(Authentication.java:346)
> at jcifs.spnego.Authentication.process(Authentication.java:235)
> at
>
> org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler.doAuthentication
> (JCIFSSpnegoAuthenticationHandler.java:56)
> at
>
> org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate
> (AbstractPreAndPostProcessingAuthenticationHandler.java:58)
> at
> org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(
> AuthenticationManagerImpl.java:84)
> at
> org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(
> CentralAuthenticationServiceImpl.java:383)
> at
> org.jasig.cas.web.flow.AbstractNonInteractiveCredentialsAction.doExecute(
> AbstractNonInteractiveCredentialsAction.java:79)
> at
> org.springframework.webflow.action.AbstractAction.execute(
> AbstractAction.java:203)
> at
> org.springframework.webflow.engine.AnnotatedAction.execute(
> AnnotatedAction.java:142)
> at
> org.springframework.webflow.engine.ActionExecutor.execute(
> ActionExecutor.java:61)
> at
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java
> :180)
> at org.springframework.webflow.engine.State.enter(State.java:200)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:229)
> at
> org.springframework.webflow.engine.TransitionableState.onEvent(
> TransitionableState.java:112)
> at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
> at
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent
> (RequestControlContextImpl.java:208)
> at
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java
> :185)
> at org.springframework.webflow.engine.State.enter(State.java:200)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:229)
> at
> org.springframework.webflow.engine.DecisionState.doEnter(
> DecisionState.java:58)
> at org.springframework.webflow.engine.State.enter(State.java:200)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:229)
> at
> org.springframework.webflow.engine.DecisionState.doEnter(
> DecisionState.java:58)
> at org.springframework.webflow.engine.State.enter(State.java:200)
> at
> org.springframework.webflow.engine.Transition.execute(Transition.java:229)
> at
> org.springframework.webflow.engine.TransitionableState.onEvent(
> TransitionableState.java:112)
> at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
> at
>
> org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent
> (RequestControlContextImpl.java:208)
> at
> org.springframework.webflow.engine.ActionState.doEnter(ActionState.java
> :185)
> at org.springframework.webflow.engine.State.enter(State.java:200)
> at org.springframework.webflow.engine.Flow.start(Flow.java:557)
> at
> org.springframework.webflow.engine.impl.RequestControlContextImpl.start(
> RequestControlContextImpl.java:196)
> at
> org.springframework.webflow.engine.impl.FlowExecutionImpl.start(
> FlowExecutionImpl.java:189)
> at
> org.springframework.webflow.executor.FlowExecutorImpl.launch(
> FlowExecutorImpl.java:206)
> at
>
> org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest
> (FlowRequestHandler.java:131)
> at
>
> org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal
> (FlowController.java:172)
> at
> org.springframework.web.servlet.mvc.AbstractController.handleRequest(
> AbstractController.java:153)
> at
> org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(
> SimpleControllerHandlerAdapter.java:48)
> at
> org.springframework.web.servlet.DispatcherServlet.doDispatch(
> DispatcherServlet.java:857)
> at
> org.springframework.web.servlet.DispatcherServlet.doService(
> DispatcherServlet.java:792)
> at
> org.springframework.web.servlet.FrameworkServlet.processRequest(
> FrameworkServlet.java:475)
> at
> org.springframework.web.servlet.FrameworkServlet.doGet(
> FrameworkServlet.java:430)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
> at
> org.jasig.cas.web.init.SafeDispatcherServlet.service(
> SafeDispatcherServlet.java:115)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> ApplicationFilterChain.java:237)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(
> ApplicationFilterChain.java:157)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(
> StandardWrapperValve.java:214)
> at
> org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:104)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java
> :520)
> at
> org.apache.catalina.core.StandardContextValve.invokeInternal(
> StandardContextValve.java:198)
> at
> org.apache.catalina.core.StandardContextValve.invoke(
> StandardContextValve.java:152)
> at
> org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:104)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java
> :520)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
> :137)
> at
> org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:104)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
> :118)
> at
> org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:102)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java
> :520)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(
> StandardEngineValve.java:109)
> at
> org.apache.catalina.core.StandardValveContext.invokeNext(
> StandardValveContext.java:104)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java
> :520)
> at
> org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
> at
> org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
> at
>
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection
> (Http11Protocol.java:705)
> at
> org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
> at
> org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> ThreadPool.java:683)
> at java.lang.Thread.run(Thread.java:595)
> Caused by: java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java
> :39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at
> jcifs.spnego.Authentication.processKerberos(Authentication.java:430)
> ... 69 more
> Caused by: java.security.PrivilegedActionException:
> java.lang.reflect.InvocationTargetException
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
> ... 74 more
> Caused by: java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java
> :39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:585)
> at
> jcifs.spnego.Authentication$ServerAction.run(Authentication.java:511)
> ... 76 more
> Caused by: GSSException: No valid credentials provided (Mechanism level:
> Failed to find any Kerberos Key)
> at
> sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(
> Krb5AcceptCredential.java:75)
> at
> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(
> Krb5MechFactory.java:77)
> at
> sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java
> :149)
> at
> sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:389)
> at
> sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:45)
> at
> sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
> ... 81 more
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070920/70d52cc6/attachment.html
More information about the cas
mailing list