Hi,
I am unable to get the HttpClient to work with SPNEGO authentication using
the IBM JRE. I have successfully gotten it to work with the Oracle JRE and
the login.conf file that is recommended for Oracle, so I know that my
configuration and test code is generally working. My test code is a
modification of the ClientKerberosAuthentication example.
Is the IBM JRE supported for SPNEGO authentication or is this a known
limitation? Is my login.conf file incorrect for the IBM JRE? I've tried
multiple permutations and encounter the same error each time.
Configuration:
Client: Windows 2008 R2 64-bit / HttpComponents 4.2.2
Server: Windows 2008 R2 w/ Websphere Application Server 8.5 64-bit
Active Directory: Windows 2008 R2 64-bit
JRE: 1.6.0 Java(TM) SE Runtime Environment (build pwa6460sr11-20120806_01
(SR11))
Error:
I get the following error when attempting to connect. This seems to imply
that my com.ibm.security.jgss.initiate setting is incorrect and that I
cannot obtain the proper credentials to send to the server in its response
for the negotiate header. I have all of the debug on and this is all I
get.
Jan 7, 2013 4:10:37 PM
org.apache.http.client.protocol.RequestAuthenticationBase process
WARNING: NEGOTIATE authentication error: No valid credentials provided
(Mechanism level: No valid credentials provided (Mechanism level: Attempt
to obtain new INITIATE credentials failed! (null)))
IBM login.conf:
com.ibm.security.jgss.login {
com.ibm.security.auth.module.Krb5LoginModule required
useDefaultCcache=true debug=true;
};
com.ibm.security.jgss.initiate {
com.ibm.security.auth.module.Krb5LoginModule required
useDefaultCcache=true debug=true;
};
com.ibm.security.jgss.accept {
com.ibm.security.auth.module.Krb5LoginModule required
useDefaultCcache=true debug=true;
};
Heather Sterling
Rational Jazz Development
Phone: 919-254-7163 T/L: 444-7163
Cell: 919-423-3143
Email: [email protected]
