Hello! I'm trying to configure SPNEGO on CAS 5.2.0. I added the required dependency to the pom file:

    <dependency>
        <groupId>org.apereo.cas</groupId>
        <artifactId>cas-server-support-spnego-webflow</artifactId>
        <version>${cas.version}</version>
    </dependency>

I have an SPN account and a working keytab file. I've configured krb5.conf and login.conf as described here: SPNEGO-Authentication.html <https://apereo.github.io/cas/5.2.x/installation/SPNEGO-Authentication.html>

I configured my browsers to support Kerberos. Here is the SPNEGO part of the CAS configuration file:

    # SPNEGO
    # cas.authn.spnego.kerberosConf=
    cas.authn.spnego.mixedModeAuthentication=true
    # cas.authn.spnego.cachePolicy=600
    # cas.authn.spnego.timeout=300000
    cas.authn.spnego.jcifsServicePrincipal=HTTP/kerberos.mycompany...@mycompany.kz
    # cas.authn.spnego.jcifsNetbiosWins=
    cas.authn.spnego.loginConf=file:D:\\etc\\cas\\config\\login.conf
    # cas.authn.spnego.ntlmAllowed=true
    # cas.authn.spnego.hostNamePatternString=.+
    # cas.authn.spnego.jcifsUsername=
    # cas.authn.spnego.useSubjectCredsOnly=false
    # cas.authn.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
    # cas.authn.spnego.jcifsDomainController=
    # cas.authn.spnego.dnsTimeout=2000
    # cas.authn.spnego.hostNameClientActionStrategy=hostnameSpnegoClientAction
    cas.authn.spnego.kerberosKdc=dc01.mycompany.kz
    # cas.authn.spnego.alternativeRemoteHostAttribute=alternateRemoteHeader
    # cas.authn.spnego.jcifsDomain=
    # cas.authn.spnego.ipsToCheckPattern=127.+
    # cas.authn.spnego.kerberosDebug=true
    # cas.authn.spnego.send401OnAuthenticationFailure=true
    cas.authn.spnego.kerberosRealm=MYCOMPANY.KZ
    # cas.authn.spnego.ntlm=false
    # cas.authn.spnego.principalWithDomainName=false
    cas.authn.spnego.jcifsServicePassword=1q2w3e4r

When I open the login page, the following error appears in the CAS logs:

    2018-01-09 13:47:33,472 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
    =============================================================
    WHO: audit:unknown
    WHAT: [event=success,timestamp=Tue Jan 09 13:47:33 ALMT 2018,source=RankedAuthenticationProviderWebflowEventResolver]
    ACTION: AUTHENTICATION_EVENT_TRIGGERED
    APPLICATION: CAS
    WHEN: Tue Jan 09 13:47:33 ALMT 2018
    CLIENT IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
    SERVER IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
    =============================================================
    >
    2018-01-09 13:47:33,487 DEBUG [org.apereo.cas.support.oauth.validator.OAuth20AuthenticationServiceSelectionStrategy] - <Authentication request is not identified as an OAuth request>
    2018-01-09 13:47:33,488 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Located client IP address as [fe80:0:0:0:459b:8012:528e:462a%20]>
    2018-01-09 13:47:33,490 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <User agent [Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0] is authorized to proceed>
    2018-01-09 13:47:33,490 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Adaptive authentication policy has authorized client [fe80:0:0:0:459b:8012:528e:462a%20] to proceed.>
    2018-01-09 13:47:33,491 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
    2018-01-09 13:47:33,491 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>
    2018-01-09 13:47:33,493 DEBUG [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] - <Authentication handlers used for this transaction are [JcifsSpnegoAuthenticationHandler,QueryDatabaseAuthenticationHandler,HttpBasedServiceCredentialsAuthenticationHandler,AcceptUsersAuthenticationHandler,LdapAuthenticationHandler]>
    2018-01-09 13:47:33,494 DEBUG [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - <Processing SPNEGO authentication>
    2018-01-09 13:47:33,526 DEBUG [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - <Authenticated SPNEGO principal [null]>
    2018-01-09 13:47:33,527 DEBUG [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - <Retrieving the next token for authentication>
    2018-01-09 13:47:33,528 DEBUG [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - <Setting nextToken in credential>
    2018-01-09 13:47:33,530 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[JcifsSpnegoAuthenticationHandler] exception details: [Principal is null, the processing of the SPNEGO Token failed].>
    2018-01-09 13:47:33,531 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Credential is not one of username/password and is not accepted by handler [QueryDatabaseAuthenticationHandler]>
    2018-01-09 13:47:33,532 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Credential is not one of username/password and is not accepted by handler [AcceptUsersAuthenticationHandler]>
    2018-01-09 13:47:33,532 DEBUG [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler] - <Credential is not one of username/password and is not accepted by handler [LdapAuthenticationHandler]>
    2018-01-09 13:47:33,533 ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [unknown] of type [SpnegoCredential].>
    2018-01-09 13:47:33,534 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
    =============================================================
    WHO: unknown
    WHAT: Supplied credentials: [unknown]
    ACTION: AUTHENTICATION_FAILED
    APPLICATION: CAS
    WHEN: Tue Jan 09 13:47:33 ALMT 2018
    CLIENT IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
    SERVER IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
    =============================================================
    >

Has anyone here had the same issue or knows how to solve it? I suspect it's a bug. Thanks.