JBoss Negotiate - Error When Obtaining Ldap Context
nulltransfer May 12, 2009 3:59 PM
Hi jboss developers,
I am using JBoss Negotiation 4.0.3GA and for some reason I am getting an exception when the code tries to obtain an LDAP connection.
Below is the stack trace.
2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Logged in 'host' LoginContext
2009-05-12 14:15:25,593 WARN [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Authentication was performed despite already being authenticated!
2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getCredDelegState() = false
2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getMutualAuthState() = true
2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getSrcName() = xamyuser@MYDOMAIN.COM
2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Result - true
2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Storing username 'xamyuser@MYDOMAIN.COM' and empty password
2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] super.loginOk true
2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] initialize, instance=@6455597
2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Security domain: SPNEGO
2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Using GSSAPI to connect to LDAP
2009-05-12 14:15:25,593 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(host), size=10
2009-05-12 14:15:25,593 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: com.sun.security.auth.module.Krb5LoginModule
ControlFlag: LoginModuleControlFlag: required
Options:name=principal, value=xsqajboss@MYDOMAIN.COM
name=useKeyTab, value=true
name=storeKey, value=true
name=keyTab, value=E:\\jboss-4.2.3.GA\\server\\default\\conf\\xsqajboss.keytab
name=debug, value=true
name=doNotPrompt, value=true
2009-05-12 14:15:25,608 DEBUG [org.jboss.security.negotiation.AdvancedLdapLoginModule] Subject = Subject:
Principal: xsqajboss@MYDOMAIN.COM
Private Credential: Ticket (hex) =
Client Principal = xsqajboss@MYDOMAIN.COM
Server Principal = krbtgt/MYDOMAIN.COM@MYDOMAIN.COM
Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: 66 CC 4E 08 24 60 4E 55 3B 48 08 59 7B 49 86 49 f.N.$`NU;H.Y.I.I
Forwardable Ticket false
Forwarded Ticket false
Proxiable Ticket false
Proxy Ticket false
Postdated Ticket false
Renewable Ticket false
Initial Ticket false
Auth Time = Tue May 12 14:15:25 GMT-05:00 2009
Start Time = Tue May 12 14:15:25 GMT-05:00 2009
End Time = Wed May 13 00:15:25 GMT-05:00 2009
Renew Till = null
Client Addresses Null
Private Credential: Kerberos Principal xsqajboss@MYDOMAIN.COMKey Version 3key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: C5 8C DC 62 8A 47 EC BB 70 26 A1 42 21 43 04 4B ...b.G..p&.B!C.K
2009-05-12 14:15:25,608 DEBUG [org.jboss.security.negotiation.AdvancedLdapLoginModule] Logged in 'javax.security.auth.login.LoginContext@10eb6ae' LoginContext
2009-05-12 14:15:25,608 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] login
2009-05-12 14:15:25,608 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Identity - xamyuser@MYDOMAIN.COM
2009-05-12 14:15:25,608 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleNameAttributeID=cn, password-stacking=useFirstPass, baseCtxDN=DC=MYDOMAIN,DC=COM, roleAttributeID=memberOf, baseFilter=(userPrincipalName={0}), jboss.security.security_domain=SPNEGO, bindAuthentication=GSSAPI, java.naming.provider.url=ldap://WDCSI1A.mydomain.com, roleAttributeIsDN=true, jaasSecurityDomain=host, java.naming.security.authentication=GSSAPI, recurseRoles=true}
2009-05-12 14:15:25,624 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] abort
2009-05-12 14:15:25,624 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] abort
2009-05-12 14:15:25,624 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] Login failure
javax.security.auth.login.LoginException: Unable to create new InitialLdapContext
    at org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:485)
    at org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:339)
    at org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:734)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:337)
    at org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:279)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
    at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
    at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
    at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
    at java.lang.Thread.run(Thread.java:619)
Caused by: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)]]
    at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:150)
    at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:288)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:481)
    ... 31 more
Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)]
    at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:194)
    at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:105)
    ... 43 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:663)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
    at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:175)
    ... 44 more
Caused by: KrbException: Fail to create credential. (63) - No service creds
    at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:279)
    at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:562)
    at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:594)
    ... 47 more
2009-05-12 14:15:25,624 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] End isValid, false
2009-05-12 14:15:25,624 TRACE [org.jboss.security.negotiation.common.NegotiationContext] clear 11116972
2009-05-12 14:15:25,624 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
I can't seem to figure out what is causing the above error. Any help will be greatly appreciated.