Thanks for the information.
Yes, I believe it is related to the FallbackAuthenticator as well. I was able
to get the Basic portion of the fallback to work by bringing it in line with
apparent differences from the BasicAuthenticator; specifically, the credential
"space" and charset. I wonder if there isn't something similar with the
Kerberos authentication?
I since tried to temporarily replace the FallbackAuthenticator with the
ConfigurableSpnegoAuthenticator. The result is a "RuntimeException:
GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid
argument (400) - Cannot find key of appropriate type to decrypt AP-REQ - RC4
with HMAC)". My thought was to get the out-of-the-box
ConfigurableSpnegoAuthenticator to work before using custom code. The odd
thing is the code works fine with jetty 9; however, with jetty 10 the
GSSException keeps coming to the surface.
A few things I was trying to track down:
1) Does jetty 10 use a different set of default encoding types?
2) Is there a way to set libdefaults default_tkt_enctypes and
default_tgt_enctypes programically via the JassConfigurator (i.e.
Configuration)?
3) Do I need to create the keytab file differently?
-----Original Message-----
From: Simone Bordet <simone.bor...@gmail.com>
Sent: Wednesday, September 7, 2022 3:20 AM
To: JETTY user mailing list <jetty-users@eclipse.org>
Cc: Bryan Coleman <bryan.cole...@dart.biz>
Subject: Re: [jetty-users] migration woes from version 9 to 10 - possible
character encoding issue
[You don't often get email from simone.bor...@gmail.com. Learn why this is
important at https://aka.ms/LearnAboutSenderIdentification ]
Hi,
On Tue, Sep 6, 2022 at 5:08 PM Bryan Coleman via jetty-users
<jetty-users@eclipse.org> wrote:
>
> I believe I have narrowed the issue down to the login arena (i.e. login /
> authentication / authorization).
>
> I am using a fallback authenticator which is an extension of the
> ConfigurableSpnegoAuthenticator and works to authenticate clients using a
> myriad of options (Spnego, NTLM, Basic).
>
> With jetty 10, if I change things to start with the BasicAuthenticator,
> provide credentials, stop things and then restart with the
> FallbackAuthenticator it works; however, if I start with the
> FallbackAuthenticator out of the gate it tries to do Anonymous authentication
> and fails.
>From your description, seems to be a problem in your FallbackAuthenticator...
> Questions:
>
> Any ideas?
>
> Has anything changed with the Spnego setup requirements from jetty 9
> to 10?
No.
> Is there a good reference for Spnego setup? (I noticed that
> the programming guide still shows TODO for HttpClient SPNEGO
> authentication support)
Look at the tests, see
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feclipse%2Fjetty.project%2Fblob%2Fjetty-10.0.11%2Fjetty-client%2Fsrc%2Ftest%2Fjava%2Forg%2Feclipse%2Fjetty%2Fclient%2Futil%2FSPNEGOAuthenticationTest.java&data=05%7C01%7Cbryan.coleman%40dart.biz%7C155ac064663a4beb203108da90a16d93%7Cd90804aba2264b3da37a256f7aba7ff1%7C0%7C0%7C637981320260484464%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=azA2GJxkQBX2MjOJaFiGWzhZhn8TnbU74DrP6%2FGPfJs%3D&reserved=0.
--
Simone Bordet
---
Finally, no matter how good the architecture and design are, to deliver
bug-free software with optimal performance and reliability,
the implementation technique must be flawless. Victoria Livschitz
_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
