On Mon, 4 Sep 2006 13:31:58 -0700 (PDT) John User <[EMAIL PROTECTED]> wrote:
> I am having no luck setting up kerberos/spnego sso: > The players: > > win2k3 AD box > win xp client running IE 6 and latest firefox > Weblogic 8.1 on a redhat box. > Client trying to access resource on WLS: > > tcpdump shows WLS sending "WWW-Authenticate : > Negotiate" in response to request for the protected > resource from IE (and firefox) > Neither IE nor firefox make any attempt to get a > session ticket, - though they do send something > encrtpted back in response. The client probably already had the ticket so no comm. with KDC was necessary. You should see the client submit 'Authorization: Negotiate YIIExka83jsmd...more base64 encoded data'. > There is no other > WWW-Authenticate header being sent. > klist shows the client machine does have a tgt. > Any hints on how to debug, or has anyone had a similar > experience?? > I have gone through all of the basic documented steps: > creation of AD user for WL box, keytabfiles, JAAS > config files... and the various changes on client > browsers. Sounds like it could be working. What exactly indicates to you that it is not? Mike -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/ ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
