spnego

Java automatically uses Kerberos ticketCache when it shouldn't?

我只是一个虾纸丫 提交于 2019-12-11 04:58:31
问题 We have a server side application that can talk to external services. It depends on our configuration whether we authenticate against those services with the credentials of the user who called us, with pre-configured credentials, or not at all. The external services may use HTTP Negotiate authentication. For our custom HTTP/WebDAV requests, we use Apache HttpClient, where we have the credentials handling under our own control. But for JAX-WS calls (or plain HTTP URLs called by 3rd party libs)

Why does the Server need access to Kerberos?

北城以北 提交于 2019-12-11 02:19:17
问题 I am trying to find out how to authenticate Active Directory users to a remote server. The goal is to use SPNEGO to receive a Kerberos ticket. The Kerberos ticket can then be decrypted and the identity of the user can be estabilished. What I do not understand, is why access between server and Kerberos is required. Since the Service Ticket contains the client identity and is encrypted by the TGS private key, the Server does not need access to the Kerberos TGS. It can just decrypt the Ticket

Kerberos/Spnego authentication issue after password change

喜夏-厌秋 提交于 2019-12-10 20:26:23
问题 I setup Tomcat to use SPNEGO authentication, so the users can Single-Sign-On to our web applications without typing their password and everything worked fine. Yesterday i changed the password of the service account and i recreated the keytab file but after a Tomcat restart the SSO sopped to work. In the logs i found: exception [GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)] with root cause java.security.GeneralSecurityException: Checksum failed at sun

Java Kerberos authentication seems to work, still gets rejected

半城伤御伤魂 提交于 2019-12-09 09:37:48
问题 I've got a Java client app and a Java server app, and I'm trying to authenticate to the server via Kerberos. The client basically uses http-components and SPNEGO to make a HTTP GET call, but I always get 401 Unauthorized as a result. I can not spot the error in the Kerberos login sequence below, maybe you guys can: Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt f alse ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is fa lse principal is

SPNEGO with Java prompting password many times

老子叫甜甜 提交于 2019-12-07 20:26:55
问题 I'm using spnego http://spnego.sourceforge.net to make a single sign on on my system, the problem is that also typing the right password it will be prompt again and again. Sometimes if you type it twice you can join the system, sometimes you need to type more than 10 times the same user and password until get access to the system. After you are logged in to the system, the password can be prompted many times on random time, again and again and again. Thanks in advance 回答1: I've not tried that

Accessing a SPNEGO authenticated webservice from C#

自古美人都是妖i 提交于 2019-12-07 12:00:59
问题 We have a web service that serves data over HTTP and authenticates users via SPNEGO (and single sign-on). We want to write a C# client for this web service. Is there any standard/provided way in .NET of generating the necessary token? Extensive Googling suggests that there is no native support for SPNEGO. 回答1: In Windows the following should do the trick: BasicHttpBinding binding = new BasicHttpBinding(); binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows; /

Kerberos authorization doesn't work on Chrome and FireFox, but works on IE

≡放荡痞女 提交于 2019-12-07 10:01:20
问题 I follow this guide to integrate cas with Windows AD. It works fine on every browser few days ago. But not it only works on IE, when I use firefox browser only send "Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==" to server, then browser return to cas login page. This problem only have been found on production environment recently. I have a test environment with same configuration, but it works fine until now. I know when kerberos ticket is not cached on local, browser

SPNEGO authentication issue with password

假装没事ソ 提交于 2019-12-06 11:55:26
I have configured my application to use Kerberos authentication through SPNEGO with Websphere. Here are the details krb5.conf [libdefaults] default_realm = ABC.MYCOMPANY.COM default_keytab_name = FILE:C:\IBM\WebSphere\AppServer\kerberos\MyServer.keytab default_tkt_enctypes = rc4-hmac des-cbc-md5 default_tgs_enctypes = rc4-hmac des-cbc-md5 forwardable = true renewable = true noaddresses = true clockskew = 300 [realms] ABC.MYCOMPANY.COM = { kdc = TEST.abc.mycompany.com:88 default_domain = mycompany.com } [domain_realm] .mycompany.com = ABC.MYCOMPANY.COM login.conf spnego-client { com.sun

SSO authentication, response is always NTLM

ぐ巨炮叔叔 提交于 2019-12-06 05:49:59
I'm trying to implement SSO on an intranet application we are developing. I am using SPNEGO for this. Now I'm having some trouble configuring the SSO and hope someone here is able to help me. The setup is like this: Linux server with tomcat to serve the intranet application Windows Server 2008 as domain controller (Active Directory) Windows 7 client with IE9 and Firefox When I open the intranet application I see a GET request going from the client to the tomcat server. The first response of the tomcat server and the SpnegoFilter is a 401 unauthorized which is right, cause the client needs to

SPNEGO with Java prompting password many times

夙愿已清 提交于 2019-12-06 05:40:17
I'm using spnego http://spnego.sourceforge.net to make a single sign on on my system, the problem is that also typing the right password it will be prompt again and again. Sometimes if you type it twice you can join the system, sometimes you need to type more than 10 times the same user and password until get access to the system. After you are logged in to the system, the password can be prompted many times on random time, again and again and again. Thanks in advance I've not tried that specific spnego module yet, but I've encountered this issue before. The issue with SPNEGO and two login
订阅 spnego