Hi, I am setting a new CAS server in order to replace our well working 3.5.1,
and I was I not able to have a working SPNEGO auth. Of course, it was
impossible to use the good old configuration files because of so many changes
in implementation. I have been following the instructions here :
https://apereo.github.io/cas/6.4.x/authentication/SPNEGO-Authentication.html
but it was not working and some informations were missing (how to configure the
JCIFS principal in the configuration file, as we only want to rely on Kerberos,
NTLM is not considered). It seems I had an almost working configuration for
some times, but I suspect a typo in the documentation. Here is why. If I use
a JAAS configuration file like this one :
jcifs.spnego.initiate { com.sun.security.auth.module.Krb5LoginModule \ required
storeKey=true useKeyTab=true keyTab="/home/cas/kerberos/myspnaccount.keytab";
}; jcifs.spnego.accept { com.sun.security.auth.module.Krb5LoginModule \
required storeKey=true useKeyTab=true
keyTab="/home/cas/kerberos/myspnaccount.keytab"; };
Authentication fails and I get the following exceptions :
2022-02-24 09:10:09,340 DEBUG [org.springframework.webflow.engine.ActionState]
-
2022-02-24 09:10:09,342 DEBUG
[org.springframework.webflow.execution.ActionExecutor] -
2022-02-24 09:10:09,342 DEBUG
[org.springframework.webflow.execution.ActionExecutor] -
2022-02-24 09:10:09,342 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction]
-
2022-02-24 09:10:09,342 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction]
-
2022-02-24 09:10:09,342 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction]
-
2022-02-24 09:10:09,343 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction]
-
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/20220224102859.E4F4DC005D%40smtp04.mail.de.
