Adding "allow_weak_crypto = true" to " [libdefaults]" section in krb5.conf did it
Le lundi 2 décembre 2024 à 13:19:05 UTC+1, Raphael GEYER a écrit : > SPNEGO has been configured as explained in documentation. > > But when trying SSO I get following error : > > Dec 02 12:51:42 cas tomcat10[8253]: Found KeyTab Default keytab > Dec 02 12:51:42 cas tomcat10[8253]: Entered Krb5Context.acceptSecContext > with state=STATE_NEW > Dec 02 12:51:42 cas tomcat10[8253]: >>> KeyTabInputStream, readName(): > REALM > Dec 02 12:51:42 cas tomcat10[8253]: >>> KeyTabInputStream, readName(): HTTP > Dec 02 12:51:42 cas tomcat10[8253]: >>> KeyTabInputStream, readName(): > cas.example.com > Dec 02 12:51:42 cas tomcat10[8253]: >>> KeyTab: load() entry length: 65; > type: 23 > Dec 02 12:51:42 cas tomcat10[8253]: Looking for keys for: > HTTP/cas.example.com@REALM > Dec 02 12:51:42 cas tomcat10[8253]: Found unsupported keytype (23) for > HTTP/cas.example.com@REALM > Dec 02 12:51:42 cas tomcat10[8253]: Looking for keys for: > HTTP/cas.example.com@REALM > Dec 02 12:51:42 cas tomcat10[8253]: Found unsupported keytype (23) for > HTTP/cas.example.com@REALM > Dec 02 12:51:42 cas tomcat10[8253]: jcifs.spnego.AuthenticationException: > Error performing Kerberos authentication: > java.lang.reflect.InvocationTargetException > > Type 23 ( RC4-HMAC ) is forced with ktpass, is it still supported by > latest JAVA / CAS versions ? > -- - Website: https://apereo.github.io/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f31db017-6707-4037-8f2e-4818bf06c369n%40apereo.org.
