JGSS Kerberos issues

Thread view:

clumpkin@gmail.com - 03 Mar 2006 16:27 GMT

I'm trying to implement single sign-on using jCIFS. I'm having
difficulties with Kerberos on some clients. For some reason, the web
browser on my machine defaults to NTLM authentication, and that's
working fine. The problem I'm having is when a client tries to use
Kerberos to authenticate. I've tried setting jCIFS flags to turn off
Kerberos, to no avail. I've read the documentation and configured
Kerberos accordingly. I just can't get past this error. Relevant info
below:

Environment:
JBoss 4.0.1sp1/WinXP/JDK 1.4.2_07

Kerberos properties:
javax.security.auth.useSubjectCredsOnly=false
jcifs.http.enableNegotiate=false
java.security.krb5.realm=VTIC.COM
java.security.krb5.kdc=agil02.vtic.com
sun.security.krb5.debug=true
jcifs.spnego.servicePrincipal=HTTP/ws-lumpkin.vtic.com@VTIC.COM
jcifs.spnego.servicePassword=xxxxxxxxx
javax.security.auth.useSubjectCredsOnly=false

Error message:
2006-03-03 10:41:45,043 INFO [STDOUT] Negotiate
YIIE6AYGKwYBBQUCoIIE3DCCBNigJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBK4EggSqYIIEpgYJKoZIhvcSAQICAQBuggSVMIIEkaADAgEFoQMCAQ6iBwMFACAAAACjggPBYYIDvTCCA7mgAwIBBaEKGwhWVElDLkNPTaImMCSgAwIBAqEdMBsbBEhUVFAbE3dzLWx1bXBraW4udnRpYy5jb22jggN8MIIDeKADAgEXoQMCARGiggNqBIIDZrffE8Fnkd+d+z4KN/T3rGs/8tZ84bxy3aR16SMrfZicPfsA0pyMsFjwpl9KTDZt8LnT6ujlph5xyEC9or5SswLB/XNSe23uuEBX7F80qZZhvcVOkMlaxI8L5xK+773TNMqCYRL0UGWI2ac8PhbrN6Q5RSatAh4sf4aF54ZcvkRH70Dt6r3oH2blBQ4l6oGk4TMZeXw6HIabNFi1/11kcbFfifeWS0+M4hPC9OD+9h8GA/Q1CL0LAWPr+MWT4lZeZ95XQWjNUQh0ZbKtiaaB8j5nQtwhNhRAeu+jay35NH0DnpZLwklCf8sqP+3AfTLBcGFcO7hWfxBMoae4vYfZ1MIkNlInmM+nUBEhhRJ1Vy0KR6/A6TxUo7tuifXpyhmOZPYYkx7xUmqR7F3zmezq60BLS5vjYcVkxlJa5la8jh6PZ/NWrOKR/stUhNyjLCO+TSuy8ZJUjJfaK7V6ONpqSvagHU9Qws/az5CvH/csC01MzhaQuuPfmug5Ebl2VxC2OnOtMi7+9MnDu6zWyUHhvNYGNcsG0KxK6WzP6PGvaQFwlK1qoed2w/8ucZSrjiA4jVZw2ferpc5uZAMyi0aczJwk/xTjPS+yLb4VOH65+TrUdRlCOp9RMNz/A5kzI0KorrEuiN6dptP/Rs5lVjMwBSWQp5/+QB22lHPeP6l0Gex15i+bbQ1ljYdYL76ApzvvimRLjd1I4DNmNNMkuWsXNXHaTCXSDbO+quktPpZS5uw1kIEFNSSQ5nDmAcxbBL0T8SbHirs4kC4ZPhRsYnbeSIQFHpkrEAL699wVvNxairKh/3i6GuVx2Ct2u8xHUkoJs/csawLJigJu1c0FXIxTUEP6ak7aCpTtC9FFbERKJi66Pr710s7aiq0UeCGCP6jKyb/6KsjgL98DrdJiwwHFqiYZDqud7IwAn1HI+3VHI155kw6B2ciRtkRfsHfiv3V7oQoY8fM3Uy90ksV4TJ8tPNvwIsoZo62u4VBcc7d+fYHa1hSM2n2OYUnqVzN5fIG2fodInSMCzRVdrfx8e8HCGkXGqLUkSojNwqa/Paswa5V4+QuXtkGda+htIJyfHbNM6F4AxXXk0f0Ti0RpKL/0fWfJswL7kkwgQ8J8lVeDNXoJZSOdIcN4u10i3E95JoENjPh0m7r9paSBtjCBs6ADAgEXooGrBIGoYcaOOfV1qU0ouvj9Vv6x07iOih9H+UMZknk/u4YSzMySrVrQfaXNh0bZEO/vJ6EF9WEOSWfkjbjxTtOkMdJlyKA6VZHqwIfT3b9E0eL/I19uG8nYl4qM1OaQ2m3JoBscIEP8dTDu23910B9svUw6V8NsjGmOSVB3FMkj3iBQU0Pmvh9igKfbQEt6bs3NReSBlEZwvk/9Z1TH+3sa6AQNNcCVuhreuXXK
2006-03-03 10:41:58,715 INFO [STDOUT]
jcifs.spnego.AuthenticationException: Error performing Kerberos
authentication: java.lang.reflect.InvocationTargetException
2006-03-03 10:41:58,715 INFO [STDOUT]     at
jcifs.spnego.Authentication.processKerberos(Authentication.java:447)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
jcifs.spnego.Authentication.processSpnego(Authentication.java:346)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
jcifs.spnego.Authentication.process(Authentication.java:235)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
jcifs.http.Negotiate.authenticate(Negotiate.java:47)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
com.agilquest.onboard.auth.IntegratedSsoHelper.authenticateNtlm(IntegratedSsoHelper.java:154)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
com.agilquest.onboard.sso.IntegratedSsoFilter.doFilter(IntegratedSsoFilter.java:93)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
2006-03-03 10:41:58,715 INFO [STDOUT]     at
org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:66)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:153)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:54)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
java.lang.Thread.run(Thread.java:534)
2006-03-03 10:41:58,731 INFO [STDOUT] Caused by:
java.lang.reflect.InvocationTargetException
2006-03-03 10:41:58,731 INFO [STDOUT]     at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
java.lang.reflect.Method.invoke(Method.java:324)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
jcifs.spnego.Authentication$ServerAction.run(Authentication.java:511)
2006-03-03 10:41:58,731 INFO [STDOUT]     at
jcifs.spnego.Authentication.processKerberos(Authentication.java:430)
2006-03-03 10:41:58,731 INFO [STDOUT]     ... 37 more
2006-03-03 10:41:58,746 INFO [STDOUT] Caused by: GSSException: No
valid credentials provided (Mechanism level: Failed to find any
Kerberos Key)
2006-03-03 10:41:58,746 INFO [STDOUT]     at
sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:82)
2006-03-03 10:41:58,746 INFO [STDOUT]     at
sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
2006-03-03 10:41:58,746 INFO [STDOUT]     at
sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
2006-03-03 10:41:58,746 INFO [STDOUT]     at
sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
2006-03-03 10:41:58,746 INFO [STDOUT]     at
sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
2006-03-03 10:41:58,746 INFO [STDOUT]     at
sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
2006-03-03 10:41:58,746 INFO [STDOUT]     ... 43 more

Any help is appreciated,
Chris

Reply to this Message

chris - 03 Mar 2006 19:33 GMT

P.S. - I'm not using JAAS, just trying to authenticate and use custom
application security, so no jaas.conf file is being used.

Reply to this Message

JGSS Kerberos issues

Free Magazines