Sorry.. CAS 4.2.4 on Tomcat, no proxy etc.
On Tue, Nov 22, 2016 at 10:30 AM, Tom Barber <[email protected]> wrote: > Hi folks, > > Maybe someone can shed some light on NTLM stuff here because its got me > confused. > > I want my browsers to accept NTLM logins and I can see the browser sending > a NTLM header: > > 2016-11-22 10:26:03,099 DEBUG [org.jasig.cas.support.spnego.web.flow. > SpnegoNegociateCredentialsAction] - Authorization header [Negotiate > TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==], User Agent > header [Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 > Firefox/48.0] > 2016-11-22 10:26:03,099 DEBUG > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] > - SPNEGO Authorization header located as Negotiate > TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw== > 2016-11-22 10:26:03,100 DEBUG > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] > - SPNEGO Authorization header found with 56 bytes > 2016-11-22 10:26:03,100 DEBUG > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] > - Obtained token: NTLMSSP �� � > 2016-11-22 10:26:03,139 DEBUG [org.jasig.cas.support.spnego. > authentication.handler.support.JcifsSpnegoAuthenticationHandler] - > Processing SPNEGO authentication > 2016-11-22 10:26:03,227 DEBUG [org.jasig.cas.audit.spi. > TicketOrCredentialPrincipalResolver] - Resolving argument > [AuthenticationTransaction] for audit > 2016-11-22 10:26:03,227 DEBUG [org.jasig.cas.audit.spi. > TicketOrCredentialPrincipalResolver] - Resolving argument > [SpnegoCredential] for audit > 2016-11-22 10:26:03,229 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] > - Audit trail record BEGIN > ============================================================= > WHO: unknown > WHAT: Supplied credentials: [unknown] > ACTION: AUTHENTICATION_FAILED > APPLICATION: CAS > WHEN: Tue Nov 22 10:26:03 UTC 2016 > CLIENT IP ADDRESS: 10.31.32.70 > SERVER IP ADDRESS: 172.200.0.6 > ============================================================= > > > 2016-11-22 10:26:03,229 INFO > [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] > - Audit trail record BEGIN > ============================================================= > WHO: unknown > WHAT: Supplied credentials: [unknown] > ACTION: AUTHENTICATION_FAILED > APPLICATION: CAS > WHEN: Tue Nov 22 10:26:03 UTC 2016 > CLIENT IP ADDRESS: 10.31.32.70 > SERVER IP ADDRESS: 172.200.0.6 > ============================================================= > > > 2016-11-22 10:26:03,233 WARN > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] > - null > java.lang.NullPointerException > at org.jasig.cas.support.spnego.authentication.handler.support. > JcifsSpnegoAuthenticationHandler.doAuthentication( > JcifsSpnegoAuthenticationHandler.java:67) > .... > > > When I look at: https://github.com/apereo/cas/blob/ > 16a70316889d58395e11ac661645e0d4182b803e/support/cas-server- > support-spnego/src/main/java/org/apereo/cas/support/spnego/ > authentication/handler/support/JcifsSpnegoAuthenticationHandler.java#L49 > > It seems to me that CAS is expecting a Type 3 NTLM token straight away and > doesn't fancy negotiating. What am I missing here? > > Thanks > > Tom > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABML50eMT5EzTjnpr_c1pcTyt8ax27enbwKWFU1B7Hx1%3D-Yf%2BQ%40mail.gmail.com.
