[jboss-user] [Security & JAAS/JBoss] - JBoss Negotiation SPNEGO Problem
hr_aru
do-not-reply at jboss.com
Fri Jul 31 07:21:03 EDT 2009
Hi All,
since a week I am trying to configure SSO in JBoss. I tried the User Guide for JBoss Negotiation, a couple of Howtos found by google, and a few more.
Im a little bit frustrated now and i think im going to change my job. Iceman is a nice job I think.
Okay seriously:
I have a win2008 SP2 AD Domain and 2 Win XP SP2 Client.
AD: pdc.test.net
Jboss webserver.test.net with jboss-4.2.3.GA
I add a new User "webserver" to the AD.
I also done the following commands successful:
setspn -a HTTP/webserver.test.net
ktpass -princ HTTP/webserver.test.net at TES.NET -mapuser webserver -pass "Password
ktab.exe -k c:\webserver.host.keytab -a HTTP/webserver.test.net
Kinit works on the AD and Webserver Server.
I look at the User properties for the User "webserver" and the Account Name change into HTTP/webserver.test.net. I also can see that delegation in allowed at the Delegation tab.
The Webserver:
The jboss-negotiation-2.0.3.GA.jar is stored in default/lib
I configured the properties-service.xml, the jboss-service.xml, login.xml
So if I running the Server and start my Firefox 3.10 or the Ie7 (configured for sso) and click the Basic Negotiation i just get to see is
"Warning, this is: NTLM Negotiation
| WWW-Authenticate - Negotiate TlRMTVNTUAABAAAAB7IIogQABAAxAAAACQAJACgAAAAFASgKAAAAD1dFQlNFUlZFUlRFU1Q=
|
| NTLM - Negotiate_Message
| Warning, this is NTLM, only SPNEGO is supported!
| Negotiate Flags - (encryption56Bit)(sessionKeyExchange128Bit)(negotiateVersion)(ntlm2)(alwaysSign)(oemWorkstationSupplied)(oemDomainSupplied)(ntlm)(requestTarget)(oem)(unicode)
|
| Jboss:
|
|
11:55:48,494 INFO [BasicNegotiationServlet] Authorization header received - decoding token.
| 11:55:48,509 INFO [NTLMNegotiationServlet] Authorization header received - decoding token.
| 11:55:48,509 INFO [NTLMNegotiationServlet] Using existing message.
If I click on SecurityDomainTest it works. I get a Ticket. So Kerberos works (or not), but its look like i dont get a SPNEGO Ticket.
With wfetch.exe i get the same Result.
I tested the Troubleshooting Things list in the Userguide but I did not get more Informations. So any Ideas?
P.S. I know my english isn t perfekt.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4247226#4247226
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4247226
More information about the jboss-user
mailing list