Re: [cas-dev] Windows 7 and IE 8 and Spengo not working...

[Chris_Whittle]

Here is the answer... Scott or Marvin can you add this to the WIKI?

The issue is caused by Extended Protection for Windows Authentication.  It
adds a Channel Binding Token that is not supported by our sso software.
This was a new feature Microsoft added in MS09-54.  Newer versions of CAS
and Spnego do not support this feature either.  The following error occurs
when Windows 7 clients attempt to authenticate with CAS:

   <jcifs.spnego.AuthenticationException: Error performing Kerberos
   authentication: java.lang.reflect.InvocationTargetException>
   ... stack omitted
   <Caused by: GSSException: Channel binding mismatch (Mechanism level:
   ChannelBinding not provided!)>
   <at sun.security.jgss.krb5.InitialToken$OverloadedChecksum.<init>
   (InitialToken.java:225)>
   <at sun.security.jgss.krb5.InitSecContextToken.<init>
   (InitSecContextToken.java:102)>
   <at sun.security.jgss.krb5.Krb5Context.acceptSecContext
   (Krb5Context.java:715)>
   ... stack omitted

On a test Windows 7 client we've added a registry key to disable use of the
CBT per the following article: http://support.microsoft.com/kb/976918.

Chris Whittle
SWAT Team Developer
J.B. Hunt Transport Services, Inc.
Office Phone:(479) 419-3122
Ext:73122
Fax Phone:(479) 820-1769
chris_whit...@jbhunt.com
(Embedded image moved to file: pic24241.gif)What's your next move?TM
Intermodal | Dedicated | Truckload | LTL | Delivery | Refrigerated |
Flatbed | Expedited


                                                                                
                                   
  From:       chris_whit...@jbhunt.com                                          
                                   
                                                                                
                                   
  To:         cas-dev@lists.jasig.org                                           
                                   
                                                                                
                                   
  Date:       11/23/2010 11:26 AM                                               
                                   
                                                                                
                                   
  Subject:    [cas-dev] Windows 7 and IE 8 and Spengo not working...            
                                   
                                                                                
                                   





We tried the fix listed in the WIKI and still not working.. any ideas?

Chris Whittle
SWAT Team Developer
J.B. Hunt Transport Services, Inc.
Office Phone:(479) 419-3122
Ext:73122
Fax Phone:(479) 820-1769
chris_whit...@jbhunt.com
(Embedded image moved to file: pic22885.gif)What's your next move?TM
Intermodal | Dedicated | Truckload | LTL | Delivery | Refrigerated |
Flatbed | Expedited
--
You are currently subscribed to cas-dev@lists.jasig.org as:
chris_whit...@jbhunt.com
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-dev[attachment "pic22885.gif"
deleted by Chris Whittle/Corporate/JBHunt]
-- 
You are currently subscribed to cas-dev@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-dev

<<attachment: pic24241.gif>>