Hi,

I'm trying to do the same, but my CAS server is in a Linux station. It 
looks like you changed some XML files to change webflow and beans. Can you 
send me them?

Em terça-feira, 9 de janeiro de 2018 06:00:47 UTC-2, Abylay escreveu:
>
> Hello!
> I'm trying to configure Spnego on CAS 5.2.0 
>
> I added required dependency to pom file:
>
> <dependency>
>     <groupId>org.apereo.cas</groupId>
>     <artifactId>cas-server-support-spnego-webflow</artifactId>
>     <version>${cas.version}</version>
> </dependency>
>
>
> I have an SPN account and working keytab file. I've configured krb5.conf 
> and login.conf as it says in here SPNEGO-Authentication.html 
> <https://apereo.github.io/cas/5.2.x/installation/SPNEGO-Authentication.html>
> I configured my browsers to support Kerberos.
> Here is the SPNEGO part of cas configuration file:
> # SPNEGO
> # cas.authn.spnego.kerberosConf=
> cas.authn.spnego.mixedModeAuthentication=true
> # cas.authn.spnego.cachePolicy=600
> # cas.authn.spnego.timeout=300000
> cas.authn.spnego.jcifsServicePrincipal=HTTP/
> kerberos.mycompany...@mycompany.kz <javascript:>
> # cas.authn.spnego.jcifsNetbiosWins=
> cas.authn.spnego.loginConf=file:D:\\etc\\cas\\config\\login.conf
> # cas.authn.spnego.ntlmAllowed=true
> # cas.authn.spnego.hostNamePatternString=.+
> # cas.authn.spnego.jcifsUsername=
> # cas.authn.spnego.useSubjectCredsOnly=false
> # cas.authn.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
> # cas.authn.spnego.jcifsDomainController=
> # cas.authn.spnego.dnsTimeout=2000
> # cas.authn.spnego.hostNameClientActionStrategy=hostnameSpnegoClientAction
> cas.authn.spnego.kerberosKdc=dc01.mycompany.kz
> # cas.authn.spnego.alternativeRemoteHostAttribute=alternateRemoteHeader
> # cas.authn.spnego.jcifsDomain=
> # cas.authn.spnego.ipsToCheckPattern=127.+
> # cas.authn.spnego.kerberosDebug=true
> # cas.authn.spnego.send401OnAuthenticationFailure=true
> cas.authn.spnego.kerberosRealm=MYCOMPANY.KZ
> # cas.authn.spnego.ntlm=false
> # cas.authn.spnego.principalWithDomainName=false
> cas.authn.spnego.jcifsServicePassword=1q2w3e4r
>
> When I open login page there is the next error on CAS logs:
>
> 2018-01-09 13:47:33,472 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
> trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: [event=success,timestamp=Tue Jan 09 13:47:33 ALMT 
> 2018,source=RankedAuthenticationProviderWebflowEventResolver]
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Tue Jan 09 13:47:33 ALMT 2018
> CLIENT IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
> SERVER IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
> =============================================================
>
> >
> 2018-01-09 13:47:33,487 DEBUG 
> [org.apereo.cas.support.oauth.validator.OAuth20AuthenticationServiceSelectionStrategy]
>  
> - <Authentication request is not identified as an OAuth request>
> 2018-01-09 13:47:33,488 DEBUG 
> [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] 
> - <Located client IP address as [fe80:0:0:0:459b:8012:528e:462a%20]>
> 2018-01-09 13:47:33,490 DEBUG 
> [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] 
> - <User agent [Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:53.0) 
> Gecko/20100101 Firefox/53.0] is authorized to proceed>
> 2018-01-09 13:47:33,490 DEBUG 
> [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] 
> - <Adaptive authentication policy has authorized client 
> [fe80:0:0:0:459b:8012:528e:462a%20] to proceed.>
> 2018-01-09 13:47:33,491 DEBUG [org.apereo.cas.web.support.WebUtils] - 
> <Evaluating request to determine if warning cookie should be generated>
> 2018-01-09 13:47:33,491 DEBUG [org.apereo.cas.web.support.WebUtils] - 
> <Evaluating request to determine if warning cookie should be generated>
> 2018-01-09 13:47:33,493 DEBUG 
> [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver]
>  
> - <Authentication handlers used for this transaction are 
> [JcifsSpnegoAuthenticationHandler,QueryDatabaseAuthenticationHandler,HttpBasedServiceCredentialsAuthenticationHandler,AcceptUsersAuthenticationHandler,LdapAuthenticationHandler]>
> 2018-01-09 13:47:33,494 DEBUG 
> [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
>  
> - <Processing SPNEGO authentication>
> 2018-01-09 13:47:33,526 DEBUG 
> [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
>  
> - <Authenticated SPNEGO principal [null]>
> 2018-01-09 13:47:33,527 DEBUG 
> [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
>  
> - <Retrieving the next token for authentication>
> 2018-01-09 13:47:33,528 DEBUG 
> [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
>  
> - <Setting nextToken in credential>
> 2018-01-09 13:47:33,530 DEBUG 
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
> <[JcifsSpnegoAuthenticationHandler] exception details: [Principal is null, 
> the processing of the SPNEGO Token failed].>
> 2018-01-09 13:47:33,531 DEBUG 
> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
>  
> - <Credential is not one of username/password and is not accepted by 
> handler [QueryDatabaseAuthenticationHandler]>
> 2018-01-09 13:47:33,532 DEBUG 
> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
>  
> - <Credential is not one of username/password and is not accepted by 
> handler [AcceptUsersAuthenticationHandler]>
> 2018-01-09 13:47:33,532 DEBUG 
> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
>  
> - <Credential is not one of username/password and is not accepted by 
> handler [LdapAuthenticationHandler]>
> 2018-01-09 13:47:33,533 ERROR 
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
> <Authentication has failed. Credentials may be incorrect or CAS cannot find 
> authentication handler that supports [unknown] of type [SpnegoCredential].>
> 2018-01-09 13:47:33,534 INFO 
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
> trail record BEGIN
> =============================================================
> WHO: unknown
> WHAT: Supplied credentials: [unknown]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Tue Jan 09 13:47:33 ALMT 2018
> CLIENT IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
> SERVER IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
> =============================================================
>
> >
>
> Has anyone here had the same issue or knows how to solve it?
> I suspect it's a bug.
>
> Thanks.
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ac6021b-6bbe-4687-a8bb-41c3c8a73ef1%40apereo.org.

Reply via email to