Brian, It would be helpful to see what's actually happening on the CAS webapp side. In particular, the logging from the org/jasig/cas/support/spnego/web/flow/* classes can be helpful to see what's going on. Have you changed the CAS webapp's log4j.properties so you're getting DEBUG output from those classes?
- Bill On Sat, May 15, 2010 at 12:53 AM, Brian Shacklett <[email protected] > wrote: > I'm currently running CAS 3.3.5 and attempting to get SPNEGO authentication > working. I'm planning to use CAS as an intermediary between JAMWiki and > Active directory. > > I've gone through the guide at > http://www.ja-sig.org/wiki/display/CASUM/SPNEGO and it appears that CAS is > attempting to perform a kerberos login for me, but I eventually get thrown > back to the forms-based login screen. > > I've been following the cas.log file, but it doesn't seem to have anything > interesting in it. Glassfish's server.log and jvm.log files don't have > anything of interest either. > > > Here is my partially sanitised jcifsConfig. I'm a bit unsure about the > loginConf directive: > > <bean name="jcifsConfig" > class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig"> > <property name="jcifsServicePrincipal" value="HTTP/[email protected]" > /> > <property name="jcifsServicePassword" value="password" /> > <property name="kerberosDebug" value="true" /> > <property name="kerberosRealm" value="KERBEROS.REALM" /> > <property name="kerberosKdc" value="192.168.1.25" /> > <property name="loginConf" > value="c:\glassfishv3\glassfish\domains\domain1\applications\cas-server-webapp-3.3.5\WEB-INF\login.conf" > /> > </bean> > > > > Here are the relevant headers captured from a login attempt: > > http://dublin:8080/cas/login > > GET /cas/login HTTP/1.1 > Host: dublin:8080 > User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; > rv:1.9.2.4) Gecko/20100503 Firefox/3.6.4 AutoPager/0.6.0.28 AutoPager/ > 0.6.0.28 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-us,en;q=0.5 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 115 > Connection: keep-alive > X-AutoPager: 0.6.0.28 > Cookie: JSESSIONID=a39183b8d223cff15fd6e5b099fa; > treeForm:tree-hi=treeForm:tree:applications; > JSESSIONID=a07370534c602d94f15d3c49e883 > Cache-Control: max-age=0 > > HTTP/1.1 401 Unauthorized > X-Powered-By: JSP/2.1 > Server: GlassFish v3 > Pragma: no-cache > Expires: Thu, 01 Jan 1970 00:00:00 GMT > Cache-Control: no-cache, no-store > WWW-Authenticate: Negotiate > Set-Cookie: JSESSIONID=a451bfdb7fa1827c6c85fba528a4; Path=/cas > Content-Type: text/html;charset=UTF-8 > Content-Language: en-US > Transfer-Encoding: chunked > Date: Sat, 15 May 2010 04:42:20 GMT > ---------------------------------------------------------- > http://dublin:8080/cas/login > > GET /cas/login HTTP/1.1 > Host: dublin:8080 > User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; > rv:1.9.2.4) Gecko/20100503 Firefox/3.6.4 AutoPager/0.6.0.28 AutoPager/ > 0.6.0.28 AutoPager/0.6.0.28 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-us,en;q=0.5 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 115 > Connection: keep-alive > X-AutoPager: 0.6.0.28 > Cookie: JSESSIONID=a451bfdb7fa1827c6c85fba528a4; > treeForm:tree-hi=treeForm:tree:applications; > JSESSIONID=a07370534c602d94f15d3c49e883 > Cache-Control: max-age=0, max-age=0 > Authorization: Negotiate > [BIG LONG KEY HERE] > > HTTP/1.1 401 Unauthorized > X-Powered-By: JSP/2.1 > Server: GlassFish v3 > Pragma: no-cache > Expires: Thu, 01 Jan 1970 00:00:00 GMT > Cache-Control: no-cache, no-store > Content-Type: text/html;charset=UTF-8 > Content-Language: en-US > Transfer-Encoding: chunked > Date: Sat, 15 May 2010 04:42:20 GMT > > -- > <BR> > You are currently subscribed to [email protected] as: > [email protected] > <BR> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- Bill Markmann Counterpoint Consulting, Inc. (p) 571-338-2455 (f) 202-403-3425 (e) [email protected] (w) http://www.counterpointconsulting.com/ -- <BR> You are currently subscribed to [email protected] as: [email protected] <BR> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
