I modified the subject line a bit.
Looking at past forum messages, it seems that the jcifsConfig bean is
configured a bit differently in order to enable NTLM authentication. I only
have this-
<bean name="jcifsConfig"
class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
<property name="loginConf"
value="C:\tomcat-6\webapps\cas-server-3.3\WEB-INF\login.conf"/>
<property name="jcifsDomain" value="bling.com" />
<property name="jcifsDomainController" value="XTC-MNC1-C1-3-Z" />
</bean>
However, I read an mail where extra stuff was configured-
<property name="jcifsServicePrincipal"
value="HTTP/test...@..."/>
<property name="jcifsServicePassword" value="Tom12345"/>
<property name="jcifsUsername"
value="spnegouser"/>
<property name="jcifsPassword"
value="Tom12345"/>
<property name="loginConf"
value="/WEB-INF/login.conf" /> <property name="kerberosDebug"
value="true"/>
Can someone kindly explain which jcifs properties need to be set for NTLM
authentication? What is jcifsServicePrincipal, jcifsServicePassword,
jcifsUserName, jcifsPassword?
As mentioned in my previous message (below), NTLM appears to work locally
(tomcat, CAS, IE on the same machine) but has issues when trying to access the
application from another machine (when IE is on another machine).
Thanks for your time.
________________________________
From: tedzo <tedzo2...@yahoo.com>
To: Yale CAS mailing list <cas@tp.its.yale.edu>
Sent: Friday, January 23, 2009 4:46:22 PM
Subject: Turning off Kerberos
I am encountering a strange problem while attempting to configure NTLM
authentication. I followed the directions in
http://www.ja-sig.org/wiki/display/CASUM/SPNEGO (with changes to login.conf and
jcifsConfig bean, as below). When I have all elements (tomcat, CAS, my webapp)
on my laptop, things are fine. I login to my laptop and I am granted access to
my webapp without being challenged. However, when I attempt to access my webapp
from another machine, I hit an exception which appears to suggest that Kerberos
authentication is being attempted. I am not sure why that would be the case
since I have not configured Kerberos anywhere.
If I can figure out how to disable Kerberos authentication, I should be good, I
think. How do I disable kerberos?
Thanks for your time.
My login.conf is as follows:
jcifs.spnego.initiate {
com.sun.security.auth.module.NTLoginModule required;
};
jcifs.spnego.accept {
com.sun.security.auth.module.NTLoginModule required;
};
My jcifsConfig bean is as follows:
<bean name="jcifsConfig"
class="org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig">
<property name="loginConf"
value="C:\tomcat-6\webapps\cas-server-3.3\WEB-INF\login.conf"/>
<property name="jcifsDomain" value="bling.com" />
<property name="jcifsDomainController" value="XTC-MNC1-C1-3-Z" />
</bean>
Exception I see:
jcifs.spnego.AuthenticationException: Error performing Kerberos authentication:
java.lang.reflect.InvocationTargetException
at jcifs.spnego.Authentication.processKerberos(Authentication.java:447)
at jcifs.spnego.Authentication.processSpnego(Authentication.java:346)
at jcifs.spnego.Authentication.process(Authentication.java:235)
at org.jasig.cas.support.spnego.authentication.handler.support.JCIFSSpne
goAuthenticationHandler.doAuthentication(JCIFSSpnegoAuthenticationHandler.java:56)
at
org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:71)
at
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:88)
at
org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:417)
at
org.jasig.cas.web.flow.AbstractNonInteractiveCredentialsAction.doExecute(AbstractNonInteractiveCredentialsAction.java:80)
at
org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:192)
at
org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:146)
at
org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:59)
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:156)
at org.springframework.webflow.engine.State.enter(State.java:191)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:212)
at
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:107)
at org.springframework.webflow.engine.Flow.onEvent(Flow.java:534)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:205)
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:161)
at org.springframework.webflow.engine.State.enter(State.java:191)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:212)
at
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:54)
at org.springframework.webflow.engine.State.enter(State.java:191)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:212)
at
org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:54)
at org.springframework.webflow.engine.State.enter(State.java:191)
at
org.springframework.webflow.engine.Transition.execute(Transition.java:212)
at
org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:107)
at org.springframework.webflow.engine.Flow.onEvent(Flow.java:534)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:205)
at
org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:161)
at org.springframework.webflow.engine.State.enter(State.java:191)
at org.springframework.webflow.engine.Flow.start(Flow.java:521)
at
org.springframework.webflow.engine.impl.RequestControlContextImpl.start(RequestControlContextImpl.java:193)
at
org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:177)
at
org.springframework.webflow.executor.FlowExecutorImpl.launch(FlowExecutorImpl.java:187)
at
org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:125)
at
org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:165)
at
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
at
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:263)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:584)
at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at jcifs.spnego.Authentication.processKerberos(Authentication.java:430)
... 61 more
Caused by: java.security.PrivilegedActionException:
java.lang.reflect.InvocationTargetException
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
... 66 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at jcifs.spnego.Authentication$ServerAction.run(Authentication.java:507)
... 68 more
Caused by: GSSException: Cannot import null name
at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:121)
at sun.security.jgss.GSSNameImpl.<init>(GSSNameImpl.java:111)
at sun.security.jgss.GSSManagerImpl.createName(GSSManagerImpl.java:113)
... 73 more
[Loaded java.net.SocketTimeoutException from C:\Program Files\Java\jdk1.6.0\jre\
lib\rt.jar]
[Loaded sun.net.ConnectionResetException from C:\Program Files\Java\jdk1.6.0\jre
\lib\rt.jar]
_______________________________________________
Yale CAS mailing list
cas@tp.its.yale.edu
http://tp.its.yale.edu/mailman/listinfo/cas
