Question on SpNego

Healey, Thomas HealeyT at darden.virginia.edu
Tue Feb 5 11:32:29 EST 2008


All,
I changed my config to use NTLM and got a little farther I think.
I am succeeding in the following state:
2008-02-05 11:17:03,709 DEBUG
[org.springframework.webflow.engine.impl.RequestControlContextImpl] -
<Signaling event 'success' in state 'startAuthenticate' of flow
'login-webflow'>

	<action-state id="startAuthenticate">
	  <action bean="negociateSpnego" />
	  <transition on="success" to="spnego" />
	</action-state>

But failing in this state:
2008-02-05 11:17:03,709 DEBUG
[org.springframework.webflow.engine.Transition] - <Executing
[Transition at 5a8a7e on = [eventId = 'error'], to = viewLoginForm] out of
state 'spnego'>
	<action-state id="spnego">
	  <action bean="spnego" />
	  <transition on="success" to="sendTicketGrantingTicket" />
	  <transition on="error" to="viewLoginForm" />
	</action-state>

Does anyone have any clue what could be happening?
Thanks in advance,
Tom

From previous post:
****************************************************************************
Date: Fri, 1 Feb 2008 14:27:29 -0500
From: "Healey, Thomas" <HealeyT at darden.virginia.edu>
Subject: Questions on Spnego
To: <cas at tp.its.yale.edu>
Message-ID: <36E21C9E1EA9D844A3369632BE0EDDD2014800FB at MAIL02.darden.virginia.edu>
Content-Type: text/plain; charset="us-ascii"

All,

I followed the instructions @
http://www.ja-sig.org/wiki/display/CASUM/SPNEGO for the config of
Spnego.

My test CAS server is a Windows XP box and the box that runs the AD is
obviously a Windows (2003 in this case) box. My question is where do I
put the keytab and krb5.conf files created in the instructions. On my
local XP box (the CAS Server)? If so, where on that box would I put them?
On the KDC (which is the AD Server)? If so, where on that box would I put
them?

Right now my current behavior for the CAS client is that they are seeing
the CAS login page. Since I am logged into the domain, this is not the
expected behavior. Also, as another data point, I can successfully be
authed against this very same AD server when using the LDAP
authentication handler. So I believe I am able to talk to the AD server
successfully. I am getting no errors when I boot CAS, but I am getting to
the login screen, which, as I said, is unexpected.

Tom
****************************************************************************

