You can set kerberosDebug value in jcifsConfig to true (in deployerConfigContext.xml). And also on java command (on server start) set -Dsun.security.krb5.debug=true
Pave On Wed, Feb 9, 2011 at 8:50 PM, Greg <[email protected]> wrote: > I'm working on implementing CAS for SSO and have it successfully working for > LDAP authentication. I'm trying to take it a step further and allow clients > to use their Windows authentication to automatically login. I have followed > the guide on the wiki to enable SPNEGO. I'm getting the following in my logs: > > 2011-02-09 13:39:42,009 DEBUG > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - SPNEGO > Authorization header found with 1700 bytes > 2011-02-09 13:39:42,010 DEBUG > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Obtained > token: ....... > 2011-02-09 13:39:42,021 DEBUG > [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Unable to > obtain the output token required. > > Issuing the command below works without errors so it seems to be kerberos is > working. > > kinit HTTP/[email protected] -k -t file.keytab > > My environment is CAS 3.4.5 running on Ubuntu 10.04 in a Windows 2K3 > environment. Client is WinXP SP3 running IE8. > > Is there any additional logs or debugs I can set to find out whats wrong? > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
