Try to use /crypto DES-CBC-MD5 when exporting. Follow guidelines for Java version before 1.5 version 7. Look for previous threads in this mailing list. There were also some interesting settings for a Windows domain.
Pavel

On Sat, Apr 9, 2011 at 2:16 PM, nathan <[email protected]> wrote:
>
> Hi,
>
> I want to authenticate in CAS using users' Windows credentials, i.e. do not
> prompt the domain user for the password.
>
> I was following https://wiki.jasig.org/display/CASUM/SPNEGO
> to try to enable NTLM with CAS,
> but I had no luck with it at all.
>
> My Env:
> Active Directory Server/Domain Controller:
> - Win 2003
> - Realm: convoy.local
>
> CAS server:
> - tomcat 6
> - jdk 1.6.20
> - cas version 3.4.7
> - hostname is convoy-cas.wealth-tec.com
> - win 2008 R2 64bit
>
> 1. I have created an SPN account called cas in my AD/DC and ensured it is using DES
> encryption
> http://jasig.275507.n4.nabble.com/file/n3438373/cas-ad.png
>
> 2. I run ktpass to map the server to the SPN user
> ktpass.exe /princ HTTP/[email protected] /pass *
> /mapuser
> [email protected] /ptype KRB5_NT_PRINCIPAL /crypto RC4-HMAC-NT
>
> 3. I set up the login webflow as described in the wiki
> http://jasig.275507.n4.nabble.com/file/n3438373/login-webflow.xml
> login-webflow.xml
>
> 4. update the cas-servlet
> http://jasig.275507.n4.nabble.com/file/n3438373/cas-servlet.xml
> cas-servlet.xml
>
> 5. update the deployerConfigContext
> http://jasig.275507.n4.nabble.com/file/n3438373/deployerConfigContext.xml
> deployerConfigContext.xml
>
> 6. I added tomcat windows server to domain convoy.local
>
> 7. I can see the following error in cas log:
> 2011-04-09 19:36:51,031 INFO
> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
> AuthenticationHandler:
> org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler
> failed to authenticate the user which provided the following credentials:
> unknown
>
> 2011-04-09 19:36:51,036 INFO
> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit
> trail record BEGIN
> =============================================================
> WHO: unknown
> WHAT: supplied credentials: unknown
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Sat Apr 09 19:36:51 CST 2011
> CLIENT IP ADDRESS: 192.168.116.157
> SERVER IP ADDRESS: unknown
> =============================================================
>
> Any help?
> http://jasig.275507.n4.nabble.com/file/n3438373/login.conf login.conf
>
>
> --
> View this message in context:
> http://jasig.275507.n4.nabble.com/SPNEGO-with-CAS-running-on-Windows-Machine-tp3438373p3438373.html
> Sent from the CAS Users mailing list archive at Nabble.com.
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
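
The first post marks the account for DES while its ktpass line asks for RC4-HMAC-NT, and the reply recommends DES-CBC-MD5. The sketch below is an added example, not code from this thread or from CAS: it reads the key encryption type recorded in an exported keytab so it can be compared with the intended /crypto value. It assumes the MIT keytab format version 0x0502; the principal, realm and zeroed key in the sample are constructed.

```python
import io, struct

# Kerberos etype numbers mapped to the names ktpass accepts for /crypto.
ETYPES = {1: "DES-CBC-CRC", 3: "DES-CBC-MD5", 17: "AES128-SHA1",
          18: "AES256-SHA1", 23: "RC4-HMAC-NT"}

def _entry(buf):
    """Decode one entry body into (principal, kvno, etype name)."""
    r = io.BytesIO(buf)
    take = lambda fmt: struct.unpack(fmt, r.read(struct.calcsize(fmt)))[0]
    counted = lambda: r.read(take(">H"))    # 16-bit length, then that many bytes
    ncomp = take(">H")
    realm = counted().decode()
    name = "/".join(counted().decode() for _ in range(ncomp))
    take(">I"), take(">I")                  # name type, timestamp (unused here)
    kvno, etype = take(">B"), take(">H")
    counted()                               # key bytes: skipped, never printed
    if len(buf) - r.tell() >= 4:            # optional 32-bit kvno overrides the 8-bit one
        kvno = take(">I")
    return f"{name}@{realm}", kvno, ETYPES.get(etype, f"etype-{etype}")

def parse_keytab(data):
    """List the live entries of a version 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:
            if pos + size > len(data):
                raise ValueError("truncated entry")
            out.append(_entry(data[pos:pos + size]))
        pos += abs(size)                    # negative size marks a deleted slot
    return out

def wrong_etype(data, expected):
    """Entries whose key type differs from the /crypto value expected."""
    return [e for e in parse_keytab(data) if e[2] != expected]

def _cs(b):
    return struct.pack(">H", len(b)) + b    # counted string for the sample below

# Constructed sample: one RC4 key for a made-up principal, kvno 3, zeroed key.
_BODY = (struct.pack(">H", 2) + _cs(b"EXAMPLE.TEST") + _cs(b"HTTP")
         + _cs(b"cas.example.test") + struct.pack(">IIBH", 1, 0, 3, 23)
         + _cs(bytes(16)) + struct.pack(">I", 3))
SAMPLE = b"\x05\x02" + struct.pack(">i", len(_BODY)) + _BODY
```

On a real file, pass the bytes of the keytab to `wrong_etype` together with the /crypto name you intended; an empty list means every key in the file has that type.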
