Continuation Required exception
oourfali Jan 30, 2012 7:27 AM
Hi Darren,
We are trying to configure SPNEGO auth for my web application and hitting some Kerberos-related problems.
We've been following the 'User Guide for JBoss Negotiation' with the relevant changes as documented here: https://community.jboss.org/wiki/DRAFTUsingJBossNegotiationOnAS7
The KDC is AD2003R2, and after some trial and error we've got the SPN right.
However, when trying the secured test in the negotiation toolkit (from both win2003R2 and WinXP), we get the following:
2012-01-16 17:43:57,116 INFO [stdout] (http--0.0.0.0-8080-1) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /home/tlv/oourfali/negotiation/service.keytab refreshKrb5Config is false principal is host/MY_HOST@MY_DOMAIN tryFirstPass is false useFirstPass is false storePass is false clearPass is false
2012-01-16 17:43:57,117 INFO [stdout] (http--0.0.0.0-8080-1) principal's key obtained from the keytab
2012-01-16 17:43:57,117 INFO [stdout] (http--0.0.0.0-8080-1) Acquire TGT using AS Exchange
2012-01-16 17:43:57,123 INFO [stdout] (http--0.0.0.0-8080-1) principal is host/MY_HOST@MY_DOMAIN
2012-01-16 17:43:57,123 INFO [stdout] (http--0.0.0.0-8080-1) EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 23 83 92 78 CB 63 67 D2 39 40 AD 53 A9 C0 23 A0 #..x.cg.9@.S..#.
2012-01-16 17:43:57,123 INFO [stdout] (http--0.0.0.0-8080-1)
2012-01-16 17:43:57,125 INFO [stdout] (http--0.0.0.0-8080-1) Added server's keyKerberos Principal host/MY_HOST@MY_DOMAINKey Version 8key EncryptionKey: keyType=23 keyBytes (hex dump)=
2012-01-16 17:43:57,125 INFO [stdout] (http--0.0.0.0-8080-1) 0000: 23 83 92 78 CB 63 67 D2 39 40 AD 53 A9 C0 23 A0 #..x.cg.9@.S..#.
2012-01-16 17:43:57,125 INFO [stdout] (http--0.0.0.0-8080-1)
2012-01-16 17:43:57,125 INFO [stdout] (http--0.0.0.0-8080-1)
2012-01-16 17:43:57,126 INFO [stdout] (http--0.0.0.0-8080-1) [Krb5LoginModule] added Krb5Principal host/MY_HOST@MY_DOMAIN to Subject
2012-01-16 17:43:57,126 INFO [stdout] (http--0.0.0.0-8080-1) Commit Succeeded
2012-01-16 17:43:57,126 INFO [stdout] (http--0.0.0.0-8080-1)
2012-01-16 17:43:57,126 INFO [stdout] (http--0.0.0.0-8080-1) [Krb5LoginModule]: Entering logout
2012-01-16 17:43:57,126 INFO [stdout] (http--0.0.0.0-8080-1) [Krb5LoginModule]: logged out Subject
2012-01-16 17:43:57,127 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--0.0.0.0-8080-1) Login failure: javax.security.auth.login.LoginException: Continuation Required.
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:174) [jboss-negotiation-2.2.0.Beta3.jar:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_24]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_24]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_24]
at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_24]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [:1.6.0_24]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [:1.6.0_24]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [:1.6.0_24]
at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_24]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [:1.6.0_24]
at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [:1.6.0_24]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:412) [picketbox-infinispan-4.0.6.Beta1.jar:]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:346) [picketbox-infinispan-4.0.6.Beta1.jar:]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:155) [picketbox-infinispan-4.0.6.Beta1.jar:]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:214) [jboss-as-web-7.1.0.Beta1b.jar:]
at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:187) [jboss-negotiation-2.2.0.Beta3.jar:]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.3.Final.jar:]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:151) [jboss-as-web-7.1.0.Beta1b.jar:]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.3.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.3.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.3.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.3.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.3.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.3.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.3.Final.jar:]
at java.lang.Thread.run(Thread.java:662) [:1.6.0_24]
Appreciate your help,
Oved