Hello everyone! According to http://cxf.apache.org/docs/client-http-transport-including-ssl- support.html#ClientHTTPTransport%28includingSSLsupport%29- SpnegoAuthentication%28Kerberos%29 CXF should be able to handle Kerberos/SPNEGO authentication when accessing web services.
I'm trying to access an ASP.NET Web Service that is secured by Kerberos (Integrated Windows authentication) using CXF. I have configured everything as stated in the documentation. Here's my cxf.xml <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:sec="http://cxf.apache.org/configuration/security"; xmlns:http="http://cxf.apache.org/transports/http/configuration"; xmlns:jaxws="http://cxf.apache.org/jaxws"; xsi:schemaLocation=" http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd";> <http:conduit name="{http://some.name.space/}SoapPort.http-conduit";> <http:client AllowChunking="false" /> <http:authorization> <sec:UserName>username</sec:UserName> <sec:Password>password</sec:Password> <sec:AuthorizationType>Negotiate</sec:AuthorizationType> </http:authorization> </http:conduit> </beans> Whenever i run my code, i get the following exception: Caused by: java.lang.RuntimeException: Invalid null input: name at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(SpnegoAuthSupplier.java:80) at org.apache.cxf.transport.http.HTTPConduit.setHeadersByAuthorizationPolicy(HTTPConduit.java:771) at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:541) at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:519) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:449) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:352) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:304) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134) ... 2 more Caused by: javax.security.auth.login.LoginException: Invalid null input: name at javax.security.auth.login.LoginContext.init(LoginContext.java:229) at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403) at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAuthSupplier.java:104) at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAuthSupplier.java:144) at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(SpnegoAuthSupplier.java:77) ... 12 more This happens on both Windows and Linux. krb5.conf/krb5.ini is present and found by Java. On the other hand, when I leave the Username and password blank i get an exception that no TGT could be aquired. Anyhow 'klist' on both Windows and Linux states that there is a TGT available in the cache. Caused by: java.lang.RuntimeException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)) at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(SpnegoAuthSupplier.java:82) at org.apache.cxf.transport.http.HTTPConduit.setHeadersByAuthorizationPolicy(HTTPConduit.java:771) at org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:541) at org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(MessageSenderInterceptor.java:46) at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:263) at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:519) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:449) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:352) at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:304) at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88) at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134) ... 2 more Caused by: GSSException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)) at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:450) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162) at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAuthSupplier.java:100) at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAuthSupplier.java:144) at org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(SpnegoAuthSupplier.java:77) ... 12 more Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:130) at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:106) at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:172) at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:209) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:195) at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162) at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:851) at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:309) ... 17 more Did I miss anything in my configuration? Thanks in advance!
