I follow all the instructions found in the wiki and i read a lot of post in
the forum to activate SSO authentication between CAS and windows primary
domain. My scenario is:
CASServer (3.2.1):
Windows Xp with Tomcat 5.5.29 on jdk 1.5.0_11. This pc is outside domain.
The name is casserver. Configurations file of the cas edited as described in
the wiki
Client:
Windows Xp (other pc in domain) with ie 7 configured as described (the
server is included in the intranet sites)
AD Server
We try with windows 2000 and windows 2003. We have created the user
(casuser) and run the ktpass tool. The only diffrence is that the second
support the crypto rc4-hmac-nt. In windows 2000 you can't set this crypto
Reading the log seems that the server receives the token but can't extract
the Principal (Principal is null).
Can someone help me? Thanks
Here my logs
2008-05-14 18:47:55,640 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
jcifsServicePrincipal is set to HTTP/[EMAIL PROTECTED]
2008-05-14 18:47:55,640 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
jcifsServicePassword is set to *****
2008-05-14 18:47:55,640 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
jcifsUsername is set to casuser
2008-05-14 18:47:55,640 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
jcifsPassword is set to *****
2008-05-14 18:47:55,640 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
jcifsDomain is set to QUIX.LOCALE
2008-05-14 18:47:55,640 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
kerberosDebug is set to : true
2008-05-14 18:47:55,640 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
kerberosRealm is set to :QUIX.LOCALE
2008-05-14 18:47:55,640 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
kerberosKdc is set to : 192.168.100.7
2008-05-14 18:47:55,656 DEBUG
[org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] -
configured login configuration path : /WEB-INF/login.conf
2008-05-14 18:47:55,718 INFO
[org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas]] -
Initializing Spring FrameworkServlet 'cas'
2008-05-14 18:47:56,265 DEBUG
[org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController] -
Found action method [public org.springframework.web.servlet.ModelAndView
org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController.deleteRegisteredService(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)]
2008-05-14 18:47:56,265 DEBUG
[org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController] -
Found action method [public org.springframework.web.servlet.ModelAndView
org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController.manage(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)]
2008-05-14 18:47:56,328 INFO
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass not
set. Using default class of
org.jasig.cas.authentication.principal.UsernamePasswordCredentials with
formObjectName credentials and validator
org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
2008-05-14 18:48:02,890 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - Action
'InitialFlowSetupAction' beginning execution
2008-05-14 18:48:02,890 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction]
- Setting path for cookies to: /cas
2008-05-14 18:48:02,890 DEBUG
[org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not
generate service.
2008-05-14 18:48:02,906 DEBUG
[org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor did not
generate service.
2008-05-14 18:48:02,906 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - Action
'InitialFlowSetupAction' completed execution; result is 'success'
2008-05-14 18:48:02,921 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] -
Action 'SpnegoNegociateCredentialsAction' beginning execution
2008-05-14 18:48:02,921 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] -
Authorization header not found. Sending WWW-Authenticate header
2008-05-14 18:48:02,921 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] -
Action 'SpnegoNegociateCredentialsAction' completed execution; result is
'success'
2008-05-14 18:48:02,921 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Action
'SpnegoCredentialsAction' beginning execution
2008-05-14 18:48:02,921 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Action
'SpnegoCredentialsAction' completed execution; result is 'error'
2008-05-14 18:48:02,921 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action
'AuthenticationViaFormAction' beginning execution
2008-05-14 18:48:02,937 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm
2008-05-14 18:48:02,937 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form
object with name 'credentials'
2008-05-14 18:48:02,937 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new instance
of form object class [class
org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
2008-05-14 18:48:02,937 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object
of type [class
org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope
Flow with name 'credentials'
2008-05-14 18:48:02,937 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form
errors for object with name 'credentials'
2008-05-14 18:48:02,937 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor
registrar set, no custom editors to register
2008-05-14 18:48:02,953 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors
instance in scope Flash
2008-05-14 18:48:02,953 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action
'AuthenticationViaFormAction' completed execution; result is 'success'
2008-05-14 18:48:02,953 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action
'AuthenticationViaFormAction' beginning execution
2008-05-14 18:48:02,953 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action
'AuthenticationViaFormAction' completed execution; result is 'success'
2008-05-14 18:48:03,500 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - Action
'InitialFlowSetupAction' beginning execution
2008-05-14 18:48:03,500 DEBUG
[org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not
generate service.
2008-05-14 18:48:03,500 DEBUG
[org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor did not
generate service.
2008-05-14 18:48:03,500 DEBUG
[org.jasig.cas.web.flow.InitialFlowSetupAction] - Action
'InitialFlowSetupAction' completed execution; result is 'success'
2008-05-14 18:48:03,500 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] -
Action 'SpnegoNegociateCredentialsAction' beginning execution
2008-05-14 18:48:03,500 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] -
Action 'SpnegoNegociateCredentialsAction' completed execution; result is
'success'
2008-05-14 18:48:03,500 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Action
'SpnegoCredentialsAction' beginning execution
2008-05-14 18:48:03,500 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - SPNEGO
Authorization header found with 1648 bytes
2008-05-14 18:48:03,500 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Obtained
token: `‚�Î��+����� ‚�Â0‚�¾ $0"� *†H‚÷����� *†H†÷�����
+����‚7��
¢‚�”�‚�?`‚�Œ� *†H†÷����� n‚�{0‚�w ����¡����¢��� £‚�§a‚�£0‚�Ÿ ����¡
��QUIX.LOCALE¢�0� ����¡�0���HTTP� casserver£‚�i0‚�e
����¢‚�\�‚�XŽn«ñÒ‰¼öŽXÜ:³Zõû,�Ži'
B:«Si§3¤,hŸöcT„n�Þ²ËH�~�ŽÒØ(³
‚HQdU?��4àûð$Ùˆb^!�`_`çòq[©ÍL6-5rýí¢"ó¨Æ§±K‚¬ª‡Ü¯É<A¨°�ÍU'HÆ�¦^<í�õ�NöSß©A`±3–Ààç»I•ñq‹³=?¬£T
š0yf?Ç‹OÎn¡âSÂvÒ]|�Ódd |»áÚŸUHgf[ùªóZg€ý�
BõlOï[RmöcA.�~ú+íOÔ4û?½M؆Ò>�äÎ
[EMAIL PROTECTED]; ‘?9²µ0f”iOÜ'ÞŽ�€ÇüŽ�&¯Òò�jÜ1ûã�³T;Ç6²ÈÏÿ
e‘™r�jèkGêÑ»ÃÖ¦NE–m¤ìû«Þ(¿Õ~?®\ë¦âuã1šbŒ�š.ËJ
|7Þ�€Þ!Z¸¹�ágÿúpÐ{h�yµ�íµ�†’W�¤÷’x†ÍcHã¾���M’Ö
4žùªt…¸„^ýî1¶ˆ?�7�€�ú�øIn¶4®!ªVS÷�E?Ö'ÃÐãoG¸é¼'$ÜP„ö-Ø©�”ЛÆ? [EMAIL PROTECTED]
äÊc“�ß6rÅ��?4ÂÃ�?ate�¯ÞÕ#,{Z—7pÃ{Õž+ÕŽû¹Ukl¦½€ùÀÊ÷ �öºA»ªsK=ÛáC
4),JD!’L�Ë&Û_ê‰9?¬ --½µŽ„þ��jo¤�è#Te‹�¹üÂS�ä
sÏ,�Z�UËò›ŠÆÆ�?‘2¡æðéy=Ìq»ˆ?ò*("=AG£Ì_Ö�`÷œ�œP=Ó�Ùµ£€˜�Ôb™�¶Ã€Q�
ýÀÔò�Ìš;Þ5"ÇñÕÝ̸lņ̃m�e®¯‘§ºÌ?#Ö�³<ÕÔ�¿Í�sSJ·ÿì8'¡–žDÒ›Ÿ»�"n$1+�k�äKµþúã
"êü�hO¦-9ú{½üg�p Wä´?�›>‰]�'&¦³˜îíÓžÀùèTÐ?êøúœÖ�Ö#² bc†¶LzÖ
íÊ?Ž†ß¡úÓÃULëgEžH¶��öõPâžÖä·âôæxè�C§™š�¿ªCûÊ�Ïûì6âú�K= EÿW¦ê˜“—
j�™J��m‡�ÝžbP©"Tò]&Æõ?zðzq½¿�AÐj3.Çn~¤?¶0?³ ����¢?«�?¨.Š;ôB”Ù•œ�J�àãª
ýžK¾¯¢NkÁf‡§¼â²àvž(Ï’)Qˆ�Pb÷#VpÙa1ÑLmYåQ ´ë…¥_„KëšdŠ™�Д°+·Íˆt'
ì/7�ZG‡ì\{„?Q•Òë?Þj9�Šg<›�—üÿ ÿvŠäÈò�å�l$Dúb&Q
K©7™aÍ!j†H]IL�£9õòšEOš8�›ÉqhsÙ~«Y�k�w�ÜŒ
2008-05-14 18:48:03,515 DEBUG
[org.jasig.cas.CentralAuthenticationServiceImpl] - Attempting to create
TicketGrantingTicket for Principal is null
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Unable to
obtain the output token required.
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Setting
HTTP Status to 401
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Action
'SpnegoCredentialsAction' completed execution; result is 'error'
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action
'AuthenticationViaFormAction' beginning execution
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form
object with name 'credentials'
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new instance
of form object class [class
org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object
of type [class
org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope
Flow with name 'credentials'
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form
errors for object with name 'credentials'
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor
registrar set, no custom editors to register
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors
instance in scope Flash
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action
'AuthenticationViaFormAction' completed execution; result is 'success'
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action
'AuthenticationViaFormAction' beginning execution
2008-05-14 18:48:03,578 DEBUG
[org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action
'AuthenticationViaFormAction' completed execution; result is 'success'
2008-05-14 18:48:14,734 INFO
[org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] -
Starting cleaning of expired tickets from ticket registry at [Wed May 14
18:48:14 CEST 2008]
--
View this message in context:
http://www.nabble.com/CAS-SPNEGO-tp17236457p17236457.html
Sent from the CAS Users mailing list archive at Nabble.com.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
