I am trying to use Spring security kerberos to connect to Active Directory.
I tried the following:
java -Dsun.security.krb5.debug=true -Djava.security.krb5.conf=e:\temp\work\krb5.conf sun.security.krb5.internal.tools.Kinit -k -t e:\temp\work\tomcat.keytab HTTP/XXXX@YYYY
and I think the output looks fine.
>>>KinitOptions cache name is C:\Users\zzzzzzz
Principal is HTTP/XXXX@YYYY
>>> Kinit using keytab
>>> Kinit keytab file name: e:\temp\work\tomcat.keytab
Java config name: e:\temp\work\krb5.conf
Loading krb5 profile at e:\temp\work\krb5.conf
Loaded from Java config
>>> Kinit realm name is YYYY
>>> Creating KrbAsReq
>>> KrbKdcReq local addresses are:
NetworkInterface name:lo (Software Loopback Interface 1):
[/127.0.0.1, /0:0:0:0:0:0:0:1]
NetworkInterface name:net0 (Microsoft 6to4 Adapter):
[]
NetworkInterface name:net1 (WAN Miniport (L2TP)):
[]
NetworkInterface name:eth0 (Microsoft Kernel Debug Network Adapter):
[]
NetworkInterface name:net2 (Microsoft IP-HTTPS Platform Adapter):
[]
NetworkInterface name:net3 (WAN Miniport (SSTP)):
[]
NetworkInterface name:eth1 (WAN Miniport (IPv6)):
[]
NetworkInterface name:eth2 (WAN Miniport (Network Monitor)):
[]
NetworkInterface name:net4 (WAN Miniport (GRE)):
[]
NetworkInterface name:net5 (Microsoft Teredo Tunneling Adapter):
[]
NetworkInterface name:eth3 (WAN Miniport (IP)):
[]
NetworkInterface name:net6 (WAN Miniport (IKEv2)):
[]
NetworkInterface name:net7 (WAN Miniport (PPTP)):
[]
NetworkInterface name:eth4 (vmxnet3 Ethernet Adapter):
[/10.167.73.172]
NetworkInterface name:ppp0 (WAN Miniport (PPPOE)):
[]
NetworkInterface name:eth5 (vmxnet3 Ethernet Adapter-WFP Native MAC Layer LightWeight Filter-0000):
[]
NetworkInterface name:eth6 (vmxnet3 Ethernet Adapter-QoS Packet Scheduler-0000):
[]
NetworkInterface name:eth7 (vmxnet3 Ethernet Adapter-WFP 802.3 MAC Layer LightWeight Filter-0000):
[]
NetworkInterface name:eth8 (WAN Miniport (IP)-WFP Native MAC Layer LightWeight Filter-0000):
[]
NetworkInterface name:eth9 (WAN Miniport (IP)-QoS Packet Scheduler-0000):
[]
NetworkInterface name:eth10 (WAN Miniport (IPv6)-WFP Native MAC Layer LightWeight Filter-0000):
[]
NetworkInterface name:eth11 (WAN Miniport (IPv6)-QoS Packet Scheduler-0000):
[]
NetworkInterface name:eth12 (WAN Miniport (Network Monitor)-WFP Native MAC Layer LightWeight Filter-0000):
[]
NetworkInterface name:eth13 (WAN Miniport (Network Monitor)-QoS Packet Scheduler-0000):
[]
>>> KdcAccessibility: reset
>>> KeyTabInputStream, readName(): YYYY
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): XXXX
>>> KeyTab: load() entry length: 105; type: 1
>>> KeyTabInputStream, readName(): YYYY
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): XXXX
>>> KeyTab: load() entry length: 105; type: 3
>>> KeyTabInputStream, readName(): YYYY
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): XXXX
>>> KeyTab: load() entry length: 113; type: 23
>>> KeyTabInputStream, readName(): YYYY
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): XXXX
>>> KeyTab: load() entry length: 129; type: 18
>>> KeyTabInputStream, readName(): YYYY
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): XXXX
>>> KeyTab: load() entry length: 113; type: 17
Looking for keys for: HTTP/XXXX@YYYY
Added key: 17, version: 5
Added key: 18, version: 5
Added key: 23, version: 5
Added key: 3, version: 5
Added key: 1, version: 5
default etypes for default_tkt_enctypes: 18 17 23 23.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=WWWW TCP:88, timeout=30000, number of retries =3, #bytes=291
>>> KDCCommunication: kdc=WWWW TCP:88, timeout=30000,Attempt =1, #bytes=291
>>>DEBUG: TCPClient reading 2199 bytes
>>> KrbKdcReq send: #bytes read=2199
>>> KdcAccessibility: remove WWWW:88
Looking for keys for: HTTP/XXXX@YYYY
Added key: 17, version: 5
Added key: 18, version: 5
Added key: 23, version: 5
Added key: 3, version: 5
Added key: 1, version: 5
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/XXXX
New ticket is stored in cache file C:\Users\zzzzzz
To prove it out, I took the example sec-server-win-auth-2.0.1-SNAPSHOT from https://github.com/spring-projects/spring-security-kerberos. I deployed a customized version of application.yml in the config folder. I am unable to get the application to successfully authenticate with Kerberos and am trying to understand the problem. I am running with:
java -Djava.security.krb5.debug=true -Dsun.security.jgss.debug=true -Dsun.security.spnego.debug=true -Dapp.service-principal='HTTP/XXX@YYY' -Dserver.port=7080 -Dapp.keytab-location=e:\temp\work\tomcat.keytab -jar -Djava.security.krb5.conf=e:\temp\work\krb5.conf .\sec-server-win-auth-2.0.1-SNAPSHOT-1.jar > output.log
At startup I see:
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is /e:/temp/work/tomcat.keytab refreshKrb5Config is false principal is 'HTTP/XXXX@YYYY' tryFirstPass is false useFirstPass is false storePass is false clearPass is false
principal is 'HTTP/XXXX@YYYY'
Will use keytab
Commit Succeeded
- In some postings, I see a lot more information in this section of the log. Is this an indication of a problem?
It appears that at first access to the system, the browser is trying to load /favicon.ico, and that is not an unsecured URL, so it is triggering the Kerberos validation. The log is listed below, but from other postings I read, the problem is that it failed Kerberos and is trying NTLM (starting with YII).
2024-01-25T09:21:27.251-05:00 DEBUG 79272 --- [nio-7080-exec-2] o.s.security.web.FilterChainProxy : Secured GET /login
2024-01-25T09:21:27.251-05:00 TRACE 79272 --- [nio-7080-exec-2] o.s.web.servlet.DispatcherServlet : "ERROR" dispatch for GET "/login", parameters={}, headers={masked} in DispatcherServlet 'dispatcherServlet'
2024-01-25T09:21:27.251-05:00 TRACE 79272 --- [nio-7080-exec-2] o.s.w.s.handler.SimpleUrlHandlerMapping : Mapped to HandlerExecutionChain with [ParameterizableViewController [view="login"]] and 3 interceptors
2024-01-25T09:21:27.251-05:00 TRACE 79272 --- [nio-7080-exec-2] o.s.w.s.m.ParameterizableViewController : Applying default cacheSeconds=-1
2024-01-25T09:21:27.267-05:00 DEBUG 79272 --- [nio-7080-exec-2] o.s.w.s.v.ContentNegotiatingViewResolver : Selected '*/*' given [image/avif, image/webp, image/apng, image/svg+xml, image/*, */*;q=0.8]
2024-01-25T09:21:27.267-05:00 TRACE 79272 --- [nio-7080-exec-2] o.s.web.servlet.DispatcherServlet : Rendering view [org.thymeleaf.spring6.view.ThymeleafView@4d5d8d28]
2024-01-25T09:21:27.329-05:00 DEBUG 79272 --- [nio-7080-exec-2] o.s.web.servlet.DispatcherServlet : Exiting from "ERROR" dispatch, status 401, headers={masked}
2024-01-25T09:21:27.329-05:00 TRACE 79272 --- [nio-7080-exec-2] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to AnonymousAuthenticationToken [Principal=anonymousUser, Credentials=[PROTECTED], Authenticated=true, Details=WebAuthenticationDetails [RemoteIpAddress=165.223.30.131, SessionId=308779D6BAA23DBFBDC46042B1920CE6], Granted Authorities=[ROLE_ANONYMOUS]]
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] o.s.security.web.FilterChainProxy : Trying to match request against DefaultSecurityFilterChain [RequestMatcher=any request, Filters=[org.springframework.security.web.session.DisableEncodeUrlFilter@6256ac4f, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@44c79f32, org.springframework.security.web.context.SecurityContextHolderFilter@61526469, org.springframework.security.web.header.HeaderWriterFilter@3faf2e7d, org.springframework.security.web.csrf.CsrfFilter@5b58ed3c, org.springframework.security.web.authentication.logout.LogoutFilter@305f031, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@4ebea12c, org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter@7fcbe147, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@76ba13c, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@7c351808, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@235f4c10, org.springframework.security.web.access.ExceptionTranslationFilter@29ef6856, org.springframework.security.web.access.intercept.AuthorizationFilter@1536602f]] (1/1)
2024-01-25T09:21:27.354-05:00 DEBUG 79272 --- [nio-7080-exec-3] o.s.security.web.FilterChainProxy : Securing GET /favicon.ico
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] o.s.security.web.FilterChainProxy : Invoking DisableEncodeUrlFilter (1/13)
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] o.s.security.web.FilterChainProxy : Invoking WebAsyncManagerIntegrationFilter (2/13)
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] o.s.security.web.FilterChainProxy : Invoking SecurityContextHolderFilter (3/13)
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] o.s.security.web.FilterChainProxy : Invoking HeaderWriterFilter (4/13)
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] o.s.security.web.FilterChainProxy : Invoking CsrfFilter (5/13)
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] o.s.security.web.csrf.CsrfFilter : Did not protect against CSRF since request did not match CsrfNotRequired [TRACE, HEAD, GET, OPTIONS]
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] o.s.security.web.FilterChainProxy : Invoking LogoutFilter (6/13)
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] o.s.s.w.a.logout.LogoutFilter : Did not match request to Ant [pattern='/logout', POST]
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] o.s.security.web.FilterChainProxy : Invoking UsernamePasswordAuthenticationFilter (7/13)
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] w.a.UsernamePasswordAuthenticationFilter : Did not match request to Ant [pattern='/login', POST]
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] o.s.security.web.FilterChainProxy : Invoking SpnegoAuthenticationProcessingFilter (8/13)
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] w.c.HttpSessionSecurityContextRepository : Did not find SecurityContext in HttpSession 308779D6BAA23DBFBDC46042B1920CE6 using the SPRING_SECURITY_CONTEXT session attribute
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-01-25T09:21:27.354-05:00 TRACE 79272 --- [nio-7080-exec-3] .s.s.w.c.SupplierDeferredSecurityContext : Created SecurityContextImpl [Null authentication]
2024-01-25T09:21:27.370-05:00 DEBUG 79272 --- [nio-7080-exec-3] w.a.SpnegoAuthenticationProcessingFilter : Received Negotiate Header for request http://XXXX:7080/favicon.ico: Negotiate YII... [base64 token omitted]
2024-01-25T09:21:27.370-05:00 TRACE 79272 --- [nio-7080-exec-3] o.s.s.authentication.ProviderManager : Authenticating request with KerberosServiceAuthenticationProvider (1/2)
2024-01-25T09:21:27.370-05:00 DEBUG 79272 --- [nio-7080-exec-3] .a.KerberosServiceAuthenticationProvider : Try to validate Kerberos Token
Search Subject for SPNEGO ACCEPT cred (<<DEF>>, sun.security.jgss.spnego.SpNegoCredElement)
Entered SpNegoContext.acceptSecContext with state=STATE_NEW
SpNegoContext.acceptSecContext: receiving token = [hex dump omitted]
SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.48018.1.2.2
SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.113554.1.2.2
SpNegoToken NegTokenInit: reading Mechanism Oid = 1.3.6.1.4.1.311.2.2.30
SpNegoToken NegTokenInit: reading Mechanism Oid = 1.3.6.1.4.1.311.2.2.10
SpNegoToken NegTokenInit: reading Mech Token
SpNegoContext.acceptSecContext: received token of type = SPNEGO NegTokenInit
SpNegoContext: negotiated mechanism = 1.2.840.113554.1.2.2
SpNegoContext.acceptSecContext: negotiated mech adjusted to 1.2.840.48018.1.2.2
Search Subject for Kerberos V5 ACCEPT cred (<<DEF>>, sun.security.jgss.krb5.Krb5AcceptCredential)
2024-01-25T09:21:27.401-05:00 WARN 79272 --- [nio-7080-exec-3] w.a.SpnegoAuthenticationProcessingFilter : Negotiate Header was invalid: Negotiate
- How can I further diagnose the problem and resolve the issue?
I should also add that if I go to the /login URL, I am able to see my authentication data from Active Directory. So I think the LDAP communication is set up fine.
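
Added example, not part of the original post: one way to see which mechanisms a Negotiate header offers is to decode the token and read the SPNEGO mechTypes list, the same OIDs the `SpNegoToken NegTokenInit` log lines print. The helper names are hypothetical and the sample tokens are constructed; a GSS-API/SPNEGO token of a few kilobytes begins with bytes 0x60 0x82 and so base64-encodes to `YII`, while a bare NTLM token begins with `TlRMTVNTUA`.

```python
import base64

SPNEGO_OID = "1.3.6.1.5.5.2"
KRB5_OID = "1.2.840.113554.1.2.2"
MECH_NAMES = {
    KRB5_OID: "Kerberos V5",
    "1.2.840.48018.1.2.2": "Kerberos V5 (legacy Microsoft OID)",
    "1.3.6.1.4.1.311.2.2.30": "NegoEx",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
}

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def decode_oid(body):
    """Turn DER OID content bytes into dotted notation."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def classify_negotiate(header_value):
    """Return (kind, offered mechanisms) for an Authorization header value."""
    b64 = header_value.strip().removeprefix("Negotiate").strip()
    if not b64:
        return "empty", []
    try:
        raw = base64.b64decode(b64, validate=True)
        if raw.startswith(b"NTLMSSP\x00"):  # bare NTLM, no SPNEGO wrapper
            return "raw NTLM", ["NTLMSSP"]
        tag, pos, _ = read_tlv(raw, 0)
        if tag != 0x60:  # GSS-API InitialContextToken
            return "unknown", []
        _, start, pos = read_tlv(raw, pos)  # thisMech OID
        this_mech = decode_oid(raw[start:pos])
        if this_mech != SPNEGO_OID:
            return ("raw Kerberos" if this_mech == KRB5_OID else "unknown"), []
        for _level in range(3):  # [0] NegTokenInit, SEQUENCE, [0] mechTypes
            pos = read_tlv(raw, pos)[1]
        _, pos, end = read_tlv(raw, pos)  # SEQUENCE OF mechanism OIDs
        mechs = []
        while pos < end:
            _, start, pos = read_tlv(raw, pos)
            oid = decode_oid(raw[start:pos])
            mechs.append(MECH_NAMES.get(oid, oid))
        return "SPNEGO", mechs
    except (ValueError, IndexError):
        return "malformed", []

# Constructed sample: a minimal NegTokenInit carrying the four mechanism OIDs
# seen in the log, with a 4-byte dummy mechToken in place of a real ticket.
SAMPLE_SPNEGO = "Negotiate " + base64.b64encode(bytes.fromhex(
    "6046" "06062b0601050502" "a03c" "303a" "a030" "302e"
    "06092a864882f712010202" "06092a864886f712010202"
    "060a2b06010401823702021e" "060a2b06010401823702020a"
    "a206" "0404" "00000000")).decode()
# Constructed sample: the first bytes of a bare NTLM negotiate message.
SAMPLE_NTLM = "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()

if __name__ == "__main__":
    print([classify_negotiate(h) for h in (SAMPLE_SPNEGO, SAMPLE_NTLM, "Negotiate")])
```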