Tom, did you resolve this issue? I have same issue. thanks.
rgds brent On Tuesday, November 22, 2016 at 6:32:14 PM UTC+8, Tom Barber wrote: > > Sorry.. CAS 4.2.4 on Tomcat, no proxy etc. > > > > > > On Tue, Nov 22, 2016 at 10:30 AM, Tom Barber <[email protected] > <javascript:>> wrote: > >> Hi folks, >> >> Maybe someone can shed some light on NTLM stuff here because its got me >> confused. >> >> I want my browsers to accept NTLM logins and I can see the browser >> sending a NTLM header: >> >> 2016-11-22 10:26:03,099 DEBUG >> [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - >> Authorization header [Negotiate >> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==], User Agent >> header [Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 >> Firefox/48.0] >> 2016-11-22 10:26:03,099 DEBUG >> [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - SPNEGO >> Authorization header located as Negotiate >> TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw== >> 2016-11-22 10:26:03,100 DEBUG >> [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - SPNEGO >> Authorization header found with 56 bytes >> 2016-11-22 10:26:03,100 DEBUG >> [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Obtained >> token: NTLMSSP �� � >> 2016-11-22 10:26:03,139 DEBUG >> [org.jasig.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] >> >> - Processing SPNEGO authentication >> 2016-11-22 10:26:03,227 DEBUG >> [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving >> argument [AuthenticationTransaction] for audit >> 2016-11-22 10:26:03,227 DEBUG >> [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving >> argument [SpnegoCredential] for audit >> 2016-11-22 10:26:03,229 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit >> trail record BEGIN >> ============================================================= >> WHO: unknown >> WHAT: Supplied credentials: [unknown] >> ACTION: AUTHENTICATION_FAILED >> APPLICATION: CAS >> WHEN: Tue Nov 22 10:26:03 UTC 2016 >> CLIENT IP ADDRESS: 10.31.32.70 >> SERVER IP ADDRESS: 172.200.0.6 >> ============================================================= >> >> >> 2016-11-22 10:26:03,229 INFO >> [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit >> trail record BEGIN >> ============================================================= >> WHO: unknown >> WHAT: Supplied credentials: [unknown] >> ACTION: AUTHENTICATION_FAILED >> APPLICATION: CAS >> WHEN: Tue Nov 22 10:26:03 UTC 2016 >> CLIENT IP ADDRESS: 10.31.32.70 >> SERVER IP ADDRESS: 172.200.0.6 >> ============================================================= >> >> >> 2016-11-22 10:26:03,233 WARN >> [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - null >> java.lang.NullPointerException >> at >> org.jasig.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler.doAuthentication(JcifsSpnegoAuthenticationHandler.java:67) >> .... >> >> >> When I look at: >> https://github.com/apereo/cas/blob/16a70316889d58395e11ac661645e0d4182b803e/support/cas-server-support-spnego/src/main/java/org/apereo/cas/support/spnego/authentication/handler/support/JcifsSpnegoAuthenticationHandler.java#L49 >> >> It seems to me that CAS is expecting a Type 3 NTLM token straight away >> and doesn't fancy negotiating. What am I missing here? >> >> Thanks >> >> Tom >> > > -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/cc1d497d-2360-421c-812d-355e31dc63c8%40apereo.org.
