Thanks for the reply, unfortunately it got mixed in with a lot of other emails. I'll be away for the weekend. I'll try to pull those logs Monday.
On 5/15/10 6:19 AM, William Markmann wrote: > Brian, > > It would be helpful to see what's actually happening on the CAS webapp > side. In particular, the logging from > the org/jasig/cas/support/spnego/web/flow/* classes can be helpful to > see what's going on. Have you changed the CAS webapp's > log4j.properties so you're getting DEBUG output from those classes? > > - Bill > > On Sat, May 15, 2010 at 12:53 AM, Brian Shacklett > <[email protected] <mailto:[email protected]>> wrote: > > I'm currently running CAS 3.3.5 and attempting to get SPNEGO > authentication working. I'm planning to use CAS as an intermediary > between JAMWiki and Active directory. > > I've gone through the guide at > http://www.ja-sig.org/wiki/display/CASUM/SPNEGO and it appears > that CAS is attempting to perform a kerberos login for me, but I > eventually get thrown back to the forms-based login screen. > > I've been following the cas.log file, but it doesn't seem to have > anything interesting in it. Glassfish's server.log and jvm.log > files don't have anything of interest either. > > > Here is my partially sanitised jcifsConfig. I'm a bit unsure about > the loginConf directive: > > <bean name="jcifsConfig" > > class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig"> > <property name="jcifsServicePrincipal" > value="HTTP/[email protected]" /> > <property name="jcifsServicePassword" value="password" /> > <property name="kerberosDebug" value="true" /> > <property name="kerberosRealm" value="KERBEROS.REALM" /> > <property name="kerberosKdc" value="192.168.1.25" /> > <property name="loginConf" > > value="c:\glassfishv3\glassfish\domains\domain1\applications\cas-server-webapp-3.3.5\WEB-INF\login.conf" > /> > </bean> > > > > Here are the relevant headers captured from a login attempt: > > http://dublin:8080/cas/login > > GET /cas/login HTTP/1.1 > Host: dublin:8080 > User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; > rv:1.9.2.4) Gecko/20100503 Firefox/3.6.4 AutoPager/0.6.0.28 > <http://0.6.0.28> AutoPager/0.6.0.28 <http://0.6.0.28> > Accept: > text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-us,en;q=0.5 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 115 > Connection: keep-alive > X-AutoPager: 0.6.0.28 > Cookie: JSESSIONID=a39183b8d223cff15fd6e5b099fa; > treeForm:tree-hi=treeForm:tree:applications; > JSESSIONID=a07370534c602d94f15d3c49e883 > Cache-Control: max-age=0 > > HTTP/1.1 401 Unauthorized > X-Powered-By: JSP/2.1 > Server: GlassFish v3 > Pragma: no-cache > Expires: Thu, 01 Jan 1970 00:00:00 GMT > Cache-Control: no-cache, no-store > WWW-Authenticate: Negotiate > Set-Cookie: JSESSIONID=a451bfdb7fa1827c6c85fba528a4; Path=/cas > Content-Type: text/html;charset=UTF-8 > Content-Language: en-US > Transfer-Encoding: chunked > Date: Sat, 15 May 2010 04:42:20 GMT > ---------------------------------------------------------- > http://dublin:8080/cas/login > > GET /cas/login HTTP/1.1 > Host: dublin:8080 > User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; > rv:1.9.2.4) Gecko/20100503 Firefox/3.6.4 AutoPager/0.6.0.28 > <http://0.6.0.28> AutoPager/0.6.0.28 <http://0.6.0.28> > AutoPager/0.6.0.28 <http://0.6.0.28> > Accept: > text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-us,en;q=0.5 > Accept-Encoding: gzip,deflate > Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive: 115 > Connection: keep-alive > X-AutoPager: 0.6.0.28 > Cookie: JSESSIONID=a451bfdb7fa1827c6c85fba528a4; > treeForm:tree-hi=treeForm:tree:applications; > JSESSIONID=a07370534c602d94f15d3c49e883 > Cache-Control: max-age=0, max-age=0 > Authorization: Negotiate > [BIG LONG KEY HERE] > > HTTP/1.1 401 Unauthorized > X-Powered-By: JSP/2.1 > Server: GlassFish v3 > Pragma: no-cache > Expires: Thu, 01 Jan 1970 00:00:00 GMT > Cache-Control: no-cache, no-store > Content-Type: text/html;charset=UTF-8 > Content-Language: en-US > Transfer-Encoding: chunked > Date: Sat, 15 May 2010 04:42:20 GMT > > -- > <BR> > You are currently subscribed to [email protected] > <mailto:[email protected]> as: > [email protected] > <mailto:[email protected]> > <BR> > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > > -- > Bill Markmann > > Counterpoint Consulting, Inc. > (p) 571-338-2455 > (f) 202-403-3425 > (e) [email protected] > <mailto:[email protected]> > (w) http://www.counterpointconsulting.com/ > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- <BR> You are currently subscribed to [email protected] as: [email protected] <BR> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
