7 Replies Latest reply on Apr 13, 2011 2:32 AM by goc

    JBoss Negotiation Failing

    vimalkansal

      Hi,

      I have setup the JBoss Negotiation 2.0.3 GA as per the documentation and with following components :

      Active Directory:
      Win 2003 SP2

      JBoss
      EAP 4.3 CP06

      FireFox
      3.5.2

      I am able to see the first 2 tests of the Negotiation Toolkit pass, but the third one fails with following stack trace :

      =========================================================================================================
      15:11:50,349 INFO [STDOUT] Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab
      lt/appserver.host.keytab refreshKrb5Config is false principal is host/appserver@AEC.COM.AU tryFirstPass is false useFirstPass is false storePass is false
      15:11:50,505 INFO [STDOUT] principal's key obtained from the keytab
      15:11:50,505 INFO [STDOUT] Acquire TGT using AS Exchange
      15:11:50,755 INFO [STDOUT] principal is host/appserver@AEC.COM.AU
      15:11:50,755 INFO [STDOUT] EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 0E 8F 07 BC 9E FD 41 B2 C9 2D 0A 8A 27 7D AA E0 ......A..-..'...
      15:11:50,771 INFO [STDOUT] Added server's keyKerberos Principal host/appserver@AEC.COM.AUKey Version 3key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 0E 8F 07 BC 9E FD 41 B2 C9 2D 0A 8A 27 7D AA E0 ......A..-..'...
      15:11:50,771 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal host/appserver@AEC.COM.AU to Subject
      15:11:50,771 INFO [STDOUT] Commit Succeeded
      15:11:50,771 INFO [STDOUT] [Krb5LoginModule]: Entering logout
      15:11:50,771 INFO [STDOUT] [Krb5LoginModule]: logged out Subject
      15:11:51,115 INFO [STDOUT] Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab
      lt/appserver.host.keytab refreshKrb5Config is false principal is host/appserver@AEC.COM.AU tryFirstPass is false useFirstPass is false storePass is false
      15:11:51,115 INFO [STDOUT] principal's key obtained from the keytab
      15:11:51,115 INFO [STDOUT] Acquire TGT using AS Exchange
      15:11:51,130 INFO [STDOUT] principal is host/appserver@AEC.COM.AU
      15:11:51,130 INFO [STDOUT] EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 0E 8F 07 BC 9E FD 41 B2 C9 2D 0A 8A 27 7D AA E0 ......A..-..'...
      15:11:51,130 INFO [STDOUT] Added server's keyKerberos Principal host/appserver@AEC.COM.AUKey Version 3key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 0E 8F 07 BC 9E FD 41 B2 C9 2D 0A 8A 27 7D AA E0 ......A..-..'...
      15:11:51,130 INFO [STDOUT] [Krb5LoginModule] added Krb5Principal host/appserver@AEC.COM.AU to Subject
      15:11:51,130 INFO [STDOUT] Commit Succeeded
      15:11:51,162 ERROR [STDERR] Checksum failed !
      15:11:51,162 ERROR [SPNEGOLoginModule] Unable to authenticate
      GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
      at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
      at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
      at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
      at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:294)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.Subject.doAs(Subject.java:337)
      at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:118)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
      at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
      at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:619)
      Caused by: KrbException: Checksum failed
      at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85)
      at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77)
      at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
      at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
      at sun.security.krb5.KrbApReq.(KrbApReq.java:134)
      at sun.security.jgss.krb5.InitSecContextToken.(InitSecContextToken.java:79)
      at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
      ... 32 more
      Caused by: java.security.GeneralSecurityException: Checksum failed
      at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:388)
      at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74)
      at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83)
      ... 38 more
      15:11:51,162 INFO [STDOUT] [Krb5LoginModule]: Entering logout
      15:11:51,162 INFO [STDOUT] [Krb5LoginModule]: logged out Subject
      =========================================================================================================================

      Can somebody please help.

      TIA

      Vimal