Hi Keycloak,
I set up the keycloak-demo-3.0.0 standalone server with the Kerberos
example (kerberos-portal.war) on an *Ubuntu machine (N1)*.
Next, on another *Ubuntu machine (N2)*, I set up the Kerberos client (did a kinit) and did the
required config changes in Firefox, and I am able to access the URL
http://N1:8080/kerberos-portal/ and the login page is bypassed as expected.
However, when using another *Windows 8.1 machine (N3)* where I have set up the MIT Kerberos
Client (did a kinit) + required config changes in Firefox, I am getting the Login page.
The browser, though, gets the challenge response header WWW-Authenticate: Negotiate and then
again sends the Authorization: Negotiate YII, but somehow I end up with the Login page
and see the below error in the WildFly logs.
2017-06-07 10:46:04,332 INFO [stdout] (default task-42) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is /home/impetus/nirmal/http.keytab_71 refreshKrb5Config is false principal is HTTP/192.168.xx.xx@IMPETUS.CO.IN tryFirstPass is false useFirstPass is false storePass is false clearPass is false
2017-06-07 10:46:04,334 INFO [stdout] (default task-42) principal is HTTP/192.168.xx.xx@IMPETUS.CO.IN
2017-06-07 10:46:04,334 INFO [stdout] (default task-42) Will use keytab
2017-06-07 10:46:04,335 INFO [stdout] (default task-42) Commit Succeeded
2017-06-07 10:46:04,335 INFO [stdout] (default task-42)
*2017-06-07 10:46:04,337 WARN [org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator] (default task-42) GSS Context accepted, but no context initiator recognized. Check your kerberos configuration and reverse DNS lookup configuration*
2017-06-07 10:46:04,337 INFO [stdout] (default task-42) [Krb5LoginModule]: Entering logout
2017-06-07 10:46:04,338 INFO [stdout] (default task-42) [Krb5LoginModule]: logged out Subject
I troubleshot for quite a long time but cannot understand where the problem is.
Can you please give me some pointers to look for?
Thanks,
-Nirmal
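
For readers comparing a working and a failing client, an added example (not part of the original message and not Keycloak code) that inspects the start of an Authorization: Negotiate value and reports whether it carries GSS-API/SPNEGO framing, a raw Kerberos mechanism token, or NTLM. The function names and the sample tokens are constructed for illustration; a GSS-API token whose length needs two bytes begins 0x60 0x82, which is why its base64 form starts with "YII" as in the header quoted above.

```python
import base64

SPNEGO_OID = bytes.fromhex("2b0601050502")        # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("2a864886f712010202")    # 1.2.840.113554.1.2.2
NTLMSSP = b"NTLMSSP\x00"                          # NTLM message signature

def _der_len(buf, pos):
    """Return (length, next_pos) for the DER length field at buf[pos]."""
    first = buf[pos]
    if first < 0x80:                              # short form
        return first, pos + 1
    n = first & 0x7F                              # long form: n length bytes follow
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_negotiate(header_value):
    """Classify the value of an 'Authorization: Negotiate <base64>' header."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "not-negotiate"
    try:
        raw = base64.b64decode(b64.strip(), validate=True)
    except ValueError:                            # binascii.Error subclasses ValueError
        return "invalid-base64"
    if raw.startswith(NTLMSSP):
        return "ntlm"
    if not raw or raw[0] != 0x60:                 # 0x60 = GSS-API InitialContextToken
        return "unknown"
    try:
        _, pos = _der_len(raw, 1)
        if raw[pos] != 0x06:                      # mechanism OID must come first
            return "malformed-gss"
        oid_len, pos = _der_len(raw, pos + 1)
    except (ValueError, IndexError):
        return "malformed-gss"
    oid = raw[pos:pos + oid_len]
    return {SPNEGO_OID: "spnego", KRB5_OID: "kerberos"}.get(oid, "gss-other-mech")

def sample_gss_token(mech_oid, padding=300):
    """Constructed sample: GSS-API framing around a mech OID plus filler bytes."""
    body = bytes([0x06, len(mech_oid)]) + mech_oid + bytes(padding)
    return base64.b64encode(b"\x60\x82" + len(body).to_bytes(2, "big") + body).decode()
```

The classification only describes the token framing; it does not validate the ticket inside it.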