When you hit the protected URL of your webapp, you should be redirected to
CAS. It will try to pick up your identity in the class
cas.support.spnego.web.flow.SpnegoCredentialsAction
-- are you seeing logging output from that class? That's where you'll want
to start looking. When an actual Kerberos exchange takes place, if you have
Kerberos debugging on, it will spit out a bunch of useful info. Getting
THAT debugging info varies from server to server. In Tomcat, I'd check a
couple things:
- look at */WEB-INF/deployerConfigContext.xml*... You should have a 'jcifs'
bean defined; make sure that you set a property there like:
<property name="kerberosDebug" value="true" />
- in Tomcat's startup, you can also set (in your JAVA_OPTS):
-Dsun.security.krb5.debug=true
...but this setting might vary depending on the security manager; I think
I've set that in the past and it dumps the Kerberos exchange debugging to
stdout or stderr. Let me know if neither of those works, and I'll dig
around a little more to see how I got debugging working in the past. The
problem that I've run into several times is that a Kerberos exchange isn't
taking place at all, making the Kerberos debugging a moot point (you can
tell that from the logging output of SpnegoCredentialsAction, described
above -- that why I suggest starting there).
- Bill
On Tue, Apr 13, 2010 at 11:05 AM, Andy Speagle <[email protected]> wrote:
> Hi Bill,
>
> Ok, well... at least I had a good understanding of the webapp logging
> configuration. This was already done. But yes, I'm trying to get the
> spnego/kerberos logging information. I can't seem to reason that out. I'm
> using tomcat5 on RHEL5. I appreciate the assist.
>
> -Andy
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
--
Bill Markmann
Counterpoint Consulting, Inc.
(p) 571-338-2455
(f) 202-403-3425
(e) [email protected]
(w) http://www.counterpointconsulting.com/
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
