Hi Pavel,

Many thanks for your kind response. I am following your previous post now:
http://www.mail-archive.com/[email protected]/msg07656.html (pre-flight and spnego tomcat).

Do you think you can share your previous CAS/SPNEGO settings on Windows with me?

Thanks,
Nathan

On Tue, Apr 12, 2011 at 8:38 AM, Pavel Tavoda <[email protected]> wrote:
> Try to use /crypto DES-CBC-MD5 when exporting. Follow guidelines for
> java version before 1.5 version 7. Look for previous threads in this
> mailing list. Here were also some interesting settings for Windows
> domain.
>
> Pavel
>
> On Sat, Apr 9, 2011 at 2:16 PM, nathan <[email protected]> wrote:
>>
>> Hi,
>>
>> I want to authenticate in CAS using users' Windows credentials, i.e. do not
>> prompt the domain user for the password.
>>
>> I was following https://wiki.jasig.org/display/CASUM/SPNEGO
>> to try to enable NTLM with CAS, but I had no luck with it at all.
>>
>> My Env:
>> Active Directory Server/Domain Controller:
>> - Win 2003
>> - Realm: convoy.local
>>
>> CAS server:
>> - tomcat 6
>> - jdk 1.6.20
>> - cas version 3.4.7
>> - hostname is convoy-cas.wealth-tec.com
>> - win 2008 R2 64bit
>>
>> 1. I have created an SPN account called cas in my AD/DC and ensured it is
>> using DES encryption
>> http://jasig.275507.n4.nabble.com/file/n3438373/cas-ad.png
>>
>> 2. I ran ktpass to map the server to the SPN user
>> ktpass.exe /princ HTTP/[email protected] /pass *
>> /mapuser
>> [email protected] /ptype KRB5_NT_PRINCIPAL /crypto RC4-HMAC-NT
>>
>> 3. I set up the login webflow as described in the wiki
>> http://jasig.275507.n4.nabble.com/file/n3438373/login-webflow.xml
>> login-webflow.xml
>>
>> 4. Updated the cas-servlet
>> http://jasig.275507.n4.nabble.com/file/n3438373/cas-servlet.xml
>> cas-servlet.xml
>>
>> 5. Updated the deployerConfigContext
>> http://jasig.275507.n4.nabble.com/file/n3438373/deployerConfigContext.xml
>> deployerConfigContext.xml
>>
>> 6. I added the tomcat Windows server to domain convoy.local
>>
>> 7. I can see the following error in the cas log:
>> 2011-04-09 19:36:51,031 INFO
>> [org.jasig.cas.authentication.AuthenticationManagerImpl] -
>> AuthenticationHandler:
>> org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpnegoAuthenticationHandler
>> failed to authenticate the user which provided the following credentials:
>> unknown
>>
>> 2011-04-09 19:36:51,036 INFO
>> [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit
>> trail record BEGIN
>> =============================================================
>> WHO: unknown
>> WHAT: supplied credentials: unknown
>> ACTION: AUTHENTICATION_FAILED
>> APPLICATION: CAS
>> WHEN: Sat Apr 09 19:36:51 CST 2011
>> CLIENT IP ADDRESS: 192.168.116.157
>> SERVER IP ADDRESS: unknown
>> =============================================================
>>
>> Any help?
>> http://jasig.275507.n4.nabble.com/file/n3438373/login.conf login.conf
>>
>> --
>> View this message in context:
>> http://jasig.275507.n4.nabble.com/SPNEGO-with-CAS-running-on-Windows-Machine-tp3438373p3438373.html
>> Sent from the CAS Users mailing list archive at Nabble.com.

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
