Hi, I am setting a new CAS server in order to replace our well working 3.5.1, and I was I not able to have a working SPNEGO auth. Of course, it was impossible to use the good old configuration files because of so many changes in implementation. I have been following the instructions here : https://apereo.github.io/cas/6.4.x/authentication/SPNEGO-Authentication.html but it was not working and some informations were missing (how to configure the JCIFS principal in the configuration file, as we only want to rely on Kerberos, NTLM is not considered). It seems I had an almost working configuration for some times, but I suspect a typo in the documentation. Here is why. If I use a JAAS configuration file like this one :
jcifs.spnego.initiate { com.sun.security.auth.module.Krb5LoginModule \ required storeKey=true useKeyTab=true keyTab="/home/cas/kerberos/myspnaccount.keytab"; }; jcifs.spnego.accept { com.sun.security.auth.module.Krb5LoginModule \ required storeKey=true useKeyTab=true keyTab="/home/cas/kerberos/myspnaccount.keytab"; }; Authentication fails and I get the following exceptions : 2022-02-24 09:10:09,340 DEBUG [org.springframework.webflow.engine.ActionState] - 2022-02-24 09:10:09,342 DEBUG [org.springframework.webflow.execution.ActionExecutor] - 2022-02-24 09:10:09,342 DEBUG [org.springframework.webflow.execution.ActionExecutor] - 2022-02-24 09:10:09,342 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - 2022-02-24 09:10:09,342 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - 2022-02-24 09:10:09,342 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - 2022-02-24 09:10:09,343 DEBUG [org.apereo.cas.web.flow.SpnegoCredentialsAction] - -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/20220224102859.E4F4DC005D%40smtp04.mail.de.