> > This error happens, because SPNEGO is not configured properly. > These minimum parameters are set in my cas.properties : >
cas.authn.spnego.jcifsDomain=domen.com cas.authn.spnego.jcifsDomainController=domen.com cas.authn.spnego.jcifsServicePassword=XXXXX cas.authn.spnego.jcifsServicePrincipal=HTTP/[email protected] cas.authn.spnego.jcifsUsername=XXX cas.authn.spnego.jcifsPassword=XXX cas.authn.spnego.kerberosConf=D:\\applications\\buap-services\\cas\\webapps\\cas\\WEB-INF\\classes\\krb.conf cas.authn.spnego.kerberosDebug=true cas.authn.spnego.kerberosKdc=kdcserver.domen.com cas.authn.spnego.kerberosRealm=domen.com cas.authn.spnego.loginConf=file:/D:/applications/buap-services/cas/webapps/cas/WEB-INF/classes/login.conf cas.authn.spnego.mixedModeAuthentication=false cas.authn.spnego.ntlm=false cas.authn.spnego.ntlmAllowed=true cas.authn.spnego.principalWithDomainName=false cas.authn.spnego.send401OnAuthenticationFailure=true cas.authn.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit cas.authn.spnego.timeout=300000 .... Also you should set LDAP properties for SPNEGO : ....... cas.authn.spnego.ldap.ldapUrl=ldap://some_server.domen.com cas.authn.spnego.ldap.baseDn=DC=XXXXXXXXXX,DC=net cas.authn.spnego.ldap.userFilter=(uid={user}) cas.authn.spnego.ldap.bindDn=CN=XXXXXXXXXXXXX,OU=Local,OU=Service Accounts,OU=Users,OU=Enterprise,DC=XXXXXXXXXXX,DC=net cas.authn.spnego.ldap.bindCredential=XXXXXXXXXXXXX cas.authn.spnego.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider cas.authn.spnego.ldap.connectTimeout=5000 cas.authn.spnego.ldap.useStartTls=false ....... Also if you are using AES 256 then you need replace policy files in your java8: C:\Program Files\Java\jre1.8.0_111\lib\security local_policy.jar US_export_policy.jar -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/3be15c5f-e250-4df4-8be3-a74d0fd95888%40apereo.org.
