CAS & Spnego is not working
.Daniel.
daniel.neubacher at xing.com
Fri Feb 15 03:07:33 EST 2008
Hello there,
I'm totally new in the CAS world, so please go easy on me.
I configured CAS as the SPNEGO manual described, but it's not working. When I
visit the login site, CAS is logging some errors. I think there is maybe an
error with my Kerberos token, but when I capture the network traffic while I
visit the login screen, I don't see any connection to my DC. And it seems
that CAS is totally ignoring my login.conf; it doesn't matter what conf dir I
set...
Here is my cas.log... maybe someone can help me :(
The login.conf part of my deployerConfigContext.xml:
<bean name="jcifsConfig"
      class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
    <property name="jcifsServicePrincipal"
              value="HTTP/kuhlstation.xing.hh@XING.HH" />
    <property name="jcifsServicePassword" value="*******" />
    <property name="kerberosDebug" value="true" />
    <property name="kerberosRealm" value="XING.HH" />
    <property name="kerberosKdc" value="172.20.1.10" />
    <property name="loginConf" value="/WEB-INF/login.conf" />
</bean>
cas.log after starting tomcat:
2008-02-13 16:34:51,819 WARN
[org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler]
-
org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler
is only to be used in a testing environment. NEVER enable this in a
production environment.
2008-02-13 16:34:51,955 INFO [org.quartz.simpl.SimpleThreadPool] - Job
execution threads will use class loader of thread: main
2008-02-13 16:34:51,977 INFO [org.quartz.core.QuartzScheduler] - Quartz
Scheduler v.1.5.2 created.
2008-02-13 16:34:51,979 INFO [org.quartz.simpl.RAMJobStore] - RAMJobStore
initialized.
2008-02-13 16:34:51,980 INFO [org.quartz.impl.StdSchedulerFactory] - Quartz
scheduler 'DefaultQuartzScheduler' initialized from default resource file in
Quartz package: 'quartz.properties'
2008-02-13 16:34:51,980 INFO [org.quartz.impl.StdSchedulerFactory] - Quartz
scheduler version: 1.5.2
2008-02-13 16:34:51,980 INFO [org.quartz.core.QuartzScheduler] - JobFactory
set to: org.springframework.scheduling.quartz.AdaptableJobFactory@4b0bbb
2008-02-13 16:34:51,981 INFO [org.quartz.core.QuartzScheduler] - Scheduler
DefaultQuartzScheduler_$_NON_CLUSTERED started.
2008-02-13 16:34:52,003 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
jcifsServicePrincipal is set to HTTP/kuhlstation.xing.hh@XING.HH
2008-02-13 16:34:52,004 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
jcifsServicePassword is set to *****
2008-02-13 16:34:52,004 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
kerberosDebug is set to : true
2008-02-13 16:34:52,004 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
kerberosRealm is set to :XING.HH
2008-02-13 16:34:52,004 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
kerberosKdc is set to : 172.20.1.10
2008-02-13 16:34:52,005 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
configured login configuration path : /WEB-INF/login.conf
2008-02-13 16:34:52,092 DEBUG [net.sf.ehcache.config.ConfigurationFactory] -
Configuring ehcache from InputStream
2008-02-13 16:34:52,099 DEBUG [net.sf.ehcache.config.DiskStoreConfiguration]
- Disk Store Path: /var/tmp/tomcat-6/
2008-02-13 16:34:52,103 DEBUG [net.sf.ehcache.config.ConfigurationHelper] -
No CacheManagerEventListenerFactory class specified. Skipping...
2008-02-13 16:34:52,103 DEBUG [net.sf.ehcache.config.ConfigurationHelper] -
No CachePeerListenerFactoryConfiguration specified. Not configuring a
CacheManagerPeerListener.
2008-02-13 16:34:52,103 DEBUG [net.sf.ehcache.config.ConfigurationHelper] -
No CachePeerProviderFactoryConfiguration specified. Not configuring a
CacheManagerPeerProvider.
2008-02-13 16:34:52,111 DEBUG [net.sf.ehcache.config.ConfigurationHelper] -
No BootstrapCacheLoaderFactory class specified. Skipping...
2008-02-13 16:34:52,119 DEBUG [net.sf.ehcache.store.DiskStore] - Deleting
data file ticketCache.data
2008-02-13 16:34:52,129 DEBUG [net.sf.ehcache.store.MemoryStore] -
Initialized net.sf.ehcache.store.LruMemoryStore for ticketCache
2008-02-13 16:34:52,130 DEBUG [net.sf.ehcache.store.LruMemoryStore] -
ticketCache Cache: Using SpoolingLinkedHashMap implementation
2008-02-13 16:34:52,131 DEBUG [net.sf.ehcache.Cache] - Initialised cache:
ticketCache
2008-02-13 16:34:52,191 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Detected PATTERN_TYPE_APACHE_ANT directive; using Apache Ant style path
expressions
2008-02-13 16:34:52,191 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Detected CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON directive; Instructing
mapper to convert URLs to lowercase before comparison
2008-02-13 16:34:52,191 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Line 1:
2008-02-13 16:34:52,191 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Line 2: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
2008-02-13 16:34:52,191 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Line 3: PATTERN_TYPE_APACHE_ANT
2008-02-13 16:34:52,191 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Line 4: /**=ROLE_ADMIN
2008-02-13 16:34:52,193 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Line 5:
2008-02-13 16:34:52,194 DEBUG
[org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] -
Added Ant path: /**; attributes: [ROLE_ADMIN]
2008-02-13 16:34:52,195 INFO
[org.acegisecurity.intercept.AbstractSecurityInterceptor] - Validated
configuration attributes
2008-02-13 16:34:52,198 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Detected PATTERN_TYPE_APACHE_ANT directive; using Apache Ant style path
expressions
2008-02-13 16:34:52,198 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Detected CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON directive; Instructing
mapper to convert URLs to lowercase before comparison
2008-02-13 16:34:52,201 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Line 1:
2008-02-13 16:34:52,201 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Line 2: CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
2008-02-13 16:34:52,201 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Line 3: PATTERN_TYPE_APACHE_ANT
2008-02-13 16:34:52,201 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Line 4: /**/loggedout.html=#NONE#
2008-02-13 16:34:52,201 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Line 5:
/**=httpSessionContextIntegrationFilter,logoutFilter,casProcessingFilter,exceptionTranslationFilter,filterInvocationInterceptor
2008-02-13 16:34:52,201 DEBUG
[org.acegisecurity.intercept.web.FilterInvocationDefinitionSourceEditor] -
Line 6:
2008-02-13 16:34:52,202 DEBUG
[org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] -
Added Ant path: /**/loggedout.html; attributes: [#NONE#]
2008-02-13 16:34:52,202 DEBUG
[org.acegisecurity.intercept.web.PathBasedFilterInvocationDefinitionMap] -
Added Ant path: /**; attributes: [httpSessionContextIntegrationFilter,
logoutFilter, casProcessingFilter, exceptionTranslationFilter,
filterInvocationInterceptor]
2008-02-13 16:34:52,690 DEBUG
[org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController] -
Found action method [public org.springframework.web.servlet.ModelAndView
org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController.deleteRegisteredService(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)]
2008-02-13 16:34:52,690 DEBUG
[org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController] -
Found action method [public org.springframework.web.servlet.ModelAndView
org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController.manage(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)]
2008-02-13 16:34:53,039 INFO
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass not
set. Using default class of
org.jasig.cas.authentication.principal.UsernamePasswordCredentials with
formObjectName credentials and validator
org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
2008-02-13 16:35:11,908 DEBUG [org.quartz.core.JobRunShell] - Calling
execute on job DEFAULT.jobDetailTicketRegistryCleaner
2008-02-13 16:35:11,920 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
Starting cleaning of expired tickets from ticket registry at [Wed Feb 13
16:35:11 CET 2008]
2008-02-13 16:35:11,921 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - 0
found to be removed. Removing now.
2008-02-13 16:35:11,921 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
Finished cleaning of expired tickets from ticket registry at [Wed Feb 13
16:35:11 CET 2008]
cas.log after visiting the cas site:
2008-02-13 16:35:43,145 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction]
- Setting ContextPath for cookies to: /cas
2008-02-13 16:35:43,167 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] -
Action 'SpnegoNegociateCredentialsAction' beginning execution
2008-02-13 16:35:43,167 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] -
Authorization header not found. Sending WWW-Authenticate header
2008-02-13 16:35:43,168 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] -
Action 'SpnegoNegociateCredentialsAction' completed execution; result is
'success'
2008-02-13 16:35:43,168 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Action
'SpnegoCredentialsAction' beginning execution
2008-02-13 16:35:43,168 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Action
'SpnegoCredentialsAction' completed execution; result is 'error'
2008-02-13 16:35:43,548 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] -
Action 'SpnegoNegociateCredentialsAction' beginning execution
2008-02-13 16:35:43,549 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] -
Action 'SpnegoNegociateCredentialsAction' completed execution; result is
'success'
2008-02-13 16:35:43,549 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Action
'SpnegoCredentialsAction' beginning execution
2008-02-13 16:35:43,549 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - SPNEGO
Authorization header found with 56 bytes
2008-02-13 16:35:43,555 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Obtained
token: NTLMSSP?(
2008-02-13 16:35:43,558 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - Attempting to create
TicketGrantingTicket for Principal is null
2008-02-13 16:35:43,716 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Unable to
obtain the output token required.
2008-02-13 16:35:43,716 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Setting
HTTP Status to 401
2008-02-13 16:35:43,716 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Action
'SpnegoCredentialsAction' completed execution; result is 'error'
--
View this message in context: http://www.nabble.com/CAS---Spnego-is-not-working-tp15459837p15459837.html
Sent from the CAS Users mailing list archive at Nabble.com.
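
Added example, not part of the original post and not CAS code: the log above records a 56-byte Authorization token beginning with NTLMSSP, and this Python sketch classifies a Negotiate header value as raw NTLM, SPNEGO offering Kerberos, or SPNEGO offering only NTLM. The function names and sample tokens are constructed for illustration, and the OID search is a heuristic, not a full DER parser.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
SPNEGO_OID = bytes.fromhex("06062b0601050502")          # 1.3.6.1.5.5.2
KRB5_OIDS = (bytes.fromhex("06092a864886f712010202"),   # 1.2.840.113554.1.2.2
             bytes.fromhex("06092a864882f712010202"))   # 1.2.840.48018.1.2.2 (MS)
NTLM_OID = bytes.fromhex("060a2b06010401823702020a")    # 1.3.6.1.4.1.311.2.2.10


def classify_negotiate(header_value):
    """Return a label for the mechanism carried in an Authorization header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        token = base64.b64decode(b64.strip(), validate=True)
    except ValueError:                           # binascii.Error is a ValueError
        return "malformed"
    if token.startswith(NTLM_SIG) and len(token) >= 12:
        # Raw NTLM: the client did not present a Kerberos service ticket.
        return "raw-ntlm-type%d" % struct.unpack_from("<I", token, 8)[0]
    if token[:1] == b"\x60":                     # GSS-API InitialContextToken
        head = token[:96]                        # heuristic: mech OIDs sit near the start
        if SPNEGO_OID in head[:16]:
            if any(oid in head for oid in KRB5_OIDS):
                return "spnego-kerberos"
            return "spnego-ntlm" if NTLM_OID in head else "spnego-other"
        if any(oid in head[:16] for oid in KRB5_OIDS):
            return "raw-kerberos"
    return "unknown"


def _tlv(tag, body):
    """Minimal DER TLV for bodies shorter than 128 bytes (enough for the samples)."""
    return bytes([tag, len(body)]) + body


def sample_spnego(mech_oids):
    """Constructed NegTokenInit holding only a mechTypes list, no mechToken."""
    mech_list = _tlv(0xA0, _tlv(0x30, b"".join(mech_oids)))
    return _tlv(0x60, SPNEGO_OID + _tlv(0xA0, _tlv(0x30, mech_list)))


def header(token):
    return "Negotiate " + base64.b64encode(token).decode("ascii")


# Constructed 56-byte NTLM type 1 message, the size and signature seen in the log.
SAMPLE_NTLM = NTLM_SIG + struct.pack("<I", 1) + bytes(44)

if __name__ == "__main__":
    for tok in (SAMPLE_NTLM, sample_spnego(KRB5_OIDS + (NTLM_OID,)), sample_spnego((NTLM_OID,))):
        print(len(tok), classify_negotiate(header(tok)))
```

A `raw-ntlm-type1` result means the exchange never reached Kerberos, so the server side has no ticket to validate against the KDC.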