[cas-user] Spnego ERROR on CAS 5.2.0

Tue, 09 Jan 2018 00:01:09 -0800 

Hello!
I'm trying to configure Spnego on CAS 5.2.0 

I added required dependency to pom file:

<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-spnego-webflow</artifactId>
    <version>${cas.version}</version>
</dependency>


I have an SPN account and working keytab file. I've configured krb5.conf 
and login.conf as it says in here SPNEGO-Authentication.html 
<https://apereo.github.io/cas/5.2.x/installation/SPNEGO-Authentication.html>
I configured my browsers to support Kerberos.
Here is the SPNEGO part of cas configuration file:
# SPNEGO
# cas.authn.spnego.kerberosConf=
cas.authn.spnego.mixedModeAuthentication=true
# cas.authn.spnego.cachePolicy=600
# cas.authn.spnego.timeout=300000
cas.authn.spnego.jcifsServicePrincipal=HTTP/kerberos.mycompany...@mycompany.kz
# cas.authn.spnego.jcifsNetbiosWins=
cas.authn.spnego.loginConf=file:D:\\etc\\cas\\config\\login.conf
# cas.authn.spnego.ntlmAllowed=true
# cas.authn.spnego.hostNamePatternString=.+
# cas.authn.spnego.jcifsUsername=
# cas.authn.spnego.useSubjectCredsOnly=false
# cas.authn.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
# cas.authn.spnego.jcifsDomainController=
# cas.authn.spnego.dnsTimeout=2000
# cas.authn.spnego.hostNameClientActionStrategy=hostnameSpnegoClientAction
cas.authn.spnego.kerberosKdc=dc01.mycompany.kz
# cas.authn.spnego.alternativeRemoteHostAttribute=alternateRemoteHeader
# cas.authn.spnego.jcifsDomain=
# cas.authn.spnego.ipsToCheckPattern=127.+
# cas.authn.spnego.kerberosDebug=true
# cas.authn.spnego.send401OnAuthenticationFailure=true
cas.authn.spnego.kerberosRealm=MYCOMPANY.KZ
# cas.authn.spnego.ntlm=false
# cas.authn.spnego.principalWithDomainName=false
cas.authn.spnego.jcifsServicePassword=1q2w3e4r

When I open login page there is the next error on CAS logs:

2018-01-09 13:47:33,472 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Tue Jan 09 13:47:33 ALMT 
2018,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Jan 09 13:47:33 ALMT 2018
CLIENT IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
SERVER IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
=============================================================

>
2018-01-09 13:47:33,487 DEBUG 
[org.apereo.cas.support.oauth.validator.OAuth20AuthenticationServiceSelectionStrategy]
 
- <Authentication request is not identified as an OAuth request>
2018-01-09 13:47:33,488 DEBUG 
[org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] 
- <Located client IP address as [fe80:0:0:0:459b:8012:528e:462a%20]>
2018-01-09 13:47:33,490 DEBUG 
[org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] 
- <User agent [Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:53.0) 
Gecko/20100101 Firefox/53.0] is authorized to proceed>
2018-01-09 13:47:33,490 DEBUG 
[org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] 
- <Adaptive authentication policy has authorized client 
[fe80:0:0:0:459b:8012:528e:462a%20] to proceed.>
2018-01-09 13:47:33,491 DEBUG [org.apereo.cas.web.support.WebUtils] - 
<Evaluating request to determine if warning cookie should be generated>
2018-01-09 13:47:33,491 DEBUG [org.apereo.cas.web.support.WebUtils] - 
<Evaluating request to determine if warning cookie should be generated>
2018-01-09 13:47:33,493 DEBUG 
[org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] 
- <Authentication handlers used for this transaction are 
[JcifsSpnegoAuthenticationHandler,QueryDatabaseAuthenticationHandler,HttpBasedServiceCredentialsAuthenticationHandler,AcceptUsersAuthenticationHandler,LdapAuthenticationHandler]>
2018-01-09 13:47:33,494 DEBUG 
[org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
 
- <Processing SPNEGO authentication>
2018-01-09 13:47:33,526 DEBUG 
[org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
 
- <Authenticated SPNEGO principal [null]>
2018-01-09 13:47:33,527 DEBUG 
[org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
 
- <Retrieving the next token for authentication>
2018-01-09 13:47:33,528 DEBUG 
[org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
 
- <Setting nextToken in credential>
2018-01-09 13:47:33,530 DEBUG 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<[JcifsSpnegoAuthenticationHandler] exception details: [Principal is null, 
the processing of the SPNEGO Token failed].>
2018-01-09 13:47:33,531 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
- <Credential is not one of username/password and is not accepted by 
handler [QueryDatabaseAuthenticationHandler]>
2018-01-09 13:47:33,532 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
- <Credential is not one of username/password and is not accepted by 
handler [AcceptUsersAuthenticationHandler]>
2018-01-09 13:47:33,532 DEBUG 
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
 
- <Credential is not one of username/password and is not accepted by 
handler [LdapAuthenticationHandler]>
2018-01-09 13:47:33,533 ERROR 
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - 
<Authentication has failed. Credentials may be incorrect or CAS cannot find 
authentication handler that supports [unknown] of type [SpnegoCredential].>
2018-01-09 13:47:33,534 INFO 
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit 
trail record BEGIN
=============================================================
WHO: unknown
WHAT: Supplied credentials: [unknown]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue Jan 09 13:47:33 ALMT 2018
CLIENT IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
SERVER IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
=============================================================

>

Has anyone here had the same issue or knows how to solve it?
I suspect it's a bug.

Thanks.

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/7cfd9400-7e6f-4be4-b125-b609cdba15d6%40apereo.org.

Reply via email to