Finally the issue is solved, though a second one arose.
Most likely my keytab/cache was broken.
Now the question is: what is wrong with the WSDL, or do I have to tweak it or
wcftestservice somehow in order to make it work?
The .NET client works fine since we sorted out the SPN and service configuration.

INFO: Can not initialize the default wsdl from wcftestservice.wsdl
2014-11-04 09:37:12
org.apache.cxf.wsdl.service.factory.ReflectionServiceFactoryBean
buildServiceFromWSDL
INFO: Creating Service {http://tempuri.org/}Service from WSDL:
http://dvm-acc01/WCFTestService/Service.svc?singlewsdl
Invoking getData...
2014-11-04 09:37:13 org.apache.cxf.ws.policy.AssertionBuilderRegistryImpl
handleNoRegisteredBuilder
WARNING: No assertion builder for type
{http://schemas.microsoft.com/ws/06/2004/policy/http}NegotiateAuthentication
registered.
Config name: C:\Windows\krb5.ini
>>> KdcAccessibility: reset
>>> KdcAccessibility: reset
Acquire TGT from Cache
>>>KinitOptions cache name is C:\Users\my_user\krb5cc_my_user
>>>DEBUG <CCacheInputStream>  client principal is my_user@somedomain
>>>DEBUG <CCacheInputStream> server principal is
krbtgt/somedomain@somedomain
>>>DEBUG <CCacheInputStream> key type: 23
>>>DEBUG <CCacheInputStream> auth time: Fri Oct 31 14:59:37 CET 2014
>>>DEBUG <CCacheInputStream> start time: Fri Oct 31 14:59:37 CET 2014
>>>DEBUG <CCacheInputStream> end time: Sat Nov 01 00:59:37 CET 2014
>>>DEBUG <CCacheInputStream> renew_till time: Thu Jan 01 01:00:00 CET 1970
>>> CCacheInputStream: readFlags()  INITIAL; PRE_AUTH;
Host address is /10.x.x.x
Host address is /0:0:0:0:0:0:0:1
>>> KrbCreds found the default ticket granting ticket in credential cache.
>>> LSA contains TGT for my_user@somedomain not testuser@somedomain
Principal is testuser@somedomain
null credentials from Ticket Cache
>>> KeyTabInputStream, readName(): somedomain
>>> KeyTabInputStream, readName(): testuser
>>> KeyTab: load() entry length: 54; type: 23
>>> KeyTabInputStream, readName(): somedomain
>>> KeyTabInputStream, readName(): testuser
>>> KeyTab: load() entry length: 70; type: 18
>>> KeyTabInputStream, readName(): somedomain
>>> KeyTabInputStream, readName(): testuser
>>> KeyTab: load() entry length: 54; type: 17
>>> KeyTabInputStream, readName(): somedomain
>>> KeyTabInputStream, readName(): testuser
>>> KeyTab: load() entry length: 62; type: 16
>>> KeyTabInputStream, readName(): somedomain
>>> KeyTabInputStream, readName(): testuser
>>> KeyTab: load() entry length: 46; type: 3
>>> KeyTabInputStream, readName(): somedomain
>>> KeyTabInputStream, readName(): testuser
>>> KeyTab: load() entry length: 46; type: 1
Added key: 1version: 1
Added key: 3version: 1
Added key: 16version: 1
Added key: 17version: 1
Added key: 18version: 1
Added key: 23version: 1
Ordering keys wrt default_tkt_enctypes list
default etypes for default_tkt_enctypes: 23 18 17 16 3 1.
0: EncryptionKey: keyType=23 kvno=1 keyValue (hex dump)=
1: EncryptionKey: keyType=18 kvno=1 keyValue (hex dump)=
2: EncryptionKey: keyType=17 kvno=1 keyValue (hex dump)=
3: EncryptionKey: keyType=16 kvno=1 keyValue (hex dump)=
4: EncryptionKey: keyType=3 kvno=1 keyValue (hex dump)=
5: EncryptionKey: keyType=1 kvno=1 keyValue (hex dump)=

principal's key obtained from the keytab
Acquire TGT using AS Exchange
default etypes for default_tkt_enctypes: 23 18 17 16 3 1.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=somekdc UDP:88, timeout=30000, number of retries =3,
>>> #bytes=151
>>> KDCCommunication: kdc=somekdc UDP:88, timeout=30000,Attempt =1,
>>> #bytes=151
>>> KrbKdcReq send: #bytes read=213
>>> KrbKdcReq send: #bytes read=213
>>> KdcAccessibility: remove somekdc
>>> KDCRep: init() encoding tag is 126 req type is 11
>>>KRBError:
         sTime is Tue Nov 04 09:37:13 CET 2014 1415090233000
         suSec is 147001
         error code is 25
         error Message is Additional pre-authentication required
         realm is somedomain
         sname is krbtgt/somedomain
         eData provided.
         msgType is 30
>>>Pre-Authentication Data:
         PA-DATA type = 19
         PA-ETYPE-INFO2 etype = 18
         PA-ETYPE-INFO2 salt = somedomaintestuser
         PA-ETYPE-INFO2 s2kparams = null
         PA-ETYPE-INFO2 etype = 23
         PA-ETYPE-INFO2 salt = null
         PA-ETYPE-INFO2 s2kparams = null
         PA-ETYPE-INFO2 etype = 3
         PA-ETYPE-INFO2 salt = somedomaintestuser
         PA-ETYPE-INFO2 s2kparams = null
AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
Updated salt from pre-auth = somedomaintestuser
>>>KrbAsReq salt is somedomaintestuser
default etypes for default_tkt_enctypes: 23 18 17 16 3 1.
Pre-Authenticaton: find key for etype = 18
AS-REQ: Add PA_ENC_TIMESTAMP now
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=somekdc UDP:88, timeout=30000, number of retries =3,
>>> #bytes=238
>>> KDCCommunication: kdc=somekdc UDP:88, timeout=30000,Attempt =1,
>>> #bytes=238
>>> KrbKdcReq send: #bytes read=1365
>>> KrbKdcReq send: #bytes read=1365
>>> KdcAccessibility: remove somekdc
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
>>> KrbAsRep cons in KrbAsReq.getReply testuser
principal is testuser@somedomain
EncryptionKey: keyType=23 keyBytes (hex dump)=0000:
EncryptionKey: keyType=18 keyBytes (hex dump)=0000:
EncryptionKey: keyType=17 keyBytes (hex dump)=0000:
EncryptionKey: keyType=16 keyBytes (hex dump)=0000:
EncryptionKey: keyType=3 keyBytes (hex dump)=0000:
EncryptionKey: keyType=1 keyBytes (hex dump)=0000:
Commit Succeeded 

equals = false
Found ticket for testuser@somedomain to go to krbtgt/somedomain@somedomain
expiring on Tue Nov 04 19:37:13 CET 2014
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
default etypes for default_tgs_enctypes: 23 18 17 16 3 1.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbKdcReq send: kdc=somekdc UDP:88, timeout=30000, number of retries =3,
>>> #bytes=1325
>>> KDCCommunication: kdc=somekdc UDP:88, timeout=30000,Attempt =1,
>>> #bytes=1325
>>> KrbKdcReq send: #bytes read=1288
>>> KrbKdcReq send: #bytes read=1288
>>> KdcAccessibility: remove somekdc
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
Krb5Context setting mySeqNumber to: 798381327
Krb5Context setting peerSeqNumber to: 0
Created InitSecContextToken:

2014-11-04 09:37:14 org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor
handleMessageInternal
WARNING: Request does not contain Security header, but it's a fault.
2014-11-04 09:37:14 org.apache.cxf.phase.PhaseInterceptorChain
doDefaultLogging
WARNING: Interceptor for
{http://tempuri.org/}Service#{http://tempuri.org/}GetData has thrown
exception, unwinding now
org.apache.cxf.binding.soap.SoapFault: An error occurred when verifying
security for the message.



--
View this message in context: 
http://cxf.547215.n5.nabble.com/possible-wss4j-bug-tp5750539p5750651.html
Sent from the cxf-user mailing list archive at Nabble.com.
