hi, the authentication via spnego does it fail always? if not, for those users with failing spnego authentication, is their browser set up correctly? (see [1])
if the browser is not setup correctly (or these user are not part of the domain), the browser does not know how to handle the NEGOTIATE-request (401) sent by the cas-server (see step 2 in [2]) and hence displays the 401 response. [1] https://wiki.jasig.org/display/CASUM/SPNEGO#SPNEGO-SetupBrowser [2] https://wiki.jasig.org/display/CASUM/SPNEGO#SPNEGO-SPNEGOBasics On Mon, Jun 4, 2012 at 12:09 PM, lozair <[email protected]> wrote: > Hi all, > Following the jasig documentation > (https://wiki.jasig.org/display/CASUM/SPNEGO), i attempt to link my cas > server to our Active Directory kerberos server. > I have read some thread in list for the change since version 3.4.9 in > webflow with the generateLoginTicket. > > After modifying the login-webflow.xml file to integrate spnego, i always > get an unauthorized 401 tomcat page and never the casLoginView when > spnego fails. > > The login-webflow.xml file is attached. > > Setting th webflow logging to TRACE i can see the following : > > > 2012-06-04 11:44:37,742 TRACE > [org.jasig.cas.web.flow.GenerateLoginTicketAction] - Entering method > [generate with arguments [[[RequestControlContextImpl@1105276c > externalContext = > org.springframework.webflow.mvc.servlet.MvcExternalContext@695f2c2e, > currentEvent = error, requestScope = map[[empty]], attributes = > map[[empty]], messageContext = [DefaultMessageContext@674db60d > sourceMessages = map[[null] -> list[[empty]]]], flowExecution = > [FlowExecutionImpl@1eeb4477 flow = 'login', flowSessions = > list[[FlowSessionImpl@67dbf07c flow = 'login', state = > 'generateLoginTicket', scope = map['service' -> [null], 'credentials' -> > [username: null], 'warnCookieValue' -> false, 'ticketGrantingTicketId' > -> [null]]]]]]]] > 2012-06-04 11:44:37,742 DEBUG > [org.jasig.cas.web.flow.GenerateLoginTicketAction] - Generated login > ticket LT-7-pz9CgCCUwvIAM72dsC2aFfL2zrexHd > 2012-06-04 11:44:37,743 TRACE > [org.jasig.cas.web.flow.GenerateLoginTicketAction] - Leaving method > [generate] with return value [generated]. > > > It seems the webflow is correct since the GenerateLoginTicketAction > start and generate a ticket and return with the value "generated". > > But neither the login screen appears like it was described in the > webflow... > > I always obtain a 401 unauthorized page > > Thanks for your help/advice > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
