2 Replies Latest reply on Aug 14, 2013 5:51 AM by apph_

    Problem with SPNEGO/Kerberos

    apph_

      Dear All,

       

      We are trying to set up SPNEGO. Of course there are problems.

       

      We are using jboss-negotiation-toolkit to test basic SPNEGO parts.

      So the first test - whether the browser answers properly to the Negotiate header - passes on some machines and on others it doesn't. I'm talking about Internet Explorer. For Chrome it is working, and it's also working in Firefox after adding the hostname to the network.negotiate-auth.trusted-uris setting. For Internet Explorer the hostname was added globally to Local Intranet.

      The second test - whether the server will authenticate - also works.

      Now the problem comes down to the third servlet. It returns 401 and this is the same for our custom application which is supposed to use SPNEGO.

       

      Now, some of our configuration:

       

      1. Hostnames of our servers are added to SPNs, both with the short name and with the domain name

      2. The IP address of the hostname resolves to the correct DNS name and the other way around

      3. login-config.xml looks like this:

       

      <application-policy name="host">
        <authentication>
          <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
            <module-option name="storeKey">true</module-option>
            <module-option name="useKeyTab">true</module-option>
            <module-option name="principal">principal@DOMAIN.COM</module-option>
            <module-option name="keyTab">/home/user/file.keytab</module-option>
            <module-option name="doNotPrompt">true</module-option>
            <module-option name="debug">true</module-option>
          </login-module>
        </authentication>
      </application-policy>

      <application-policy name="SPNEGO">
        <authentication>
          <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="requisite">
            <module-option name="password-stacking">useFirstPass</module-option>
            <module-option name="serverSecurityDomain">host</module-option>
          </login-module>
          <login-module code="org.jboss.security.negotiation.AdvancedLdapLoginModule" flag="required">
            <module-option name="password-stacking">useFirstPass</module-option>
            <module-option name="bindAuthentication">GSSAPI</module-option>
            <module-option name="jaasSecurityDomain">host</module-option>
            <module-option name="java.naming.provider.url">ldap://ldapserver:389</module-option>
            <module-option name="baseCtxDN">OU=PL,OU=Users,DC=domain,DC=com</module-option>
            <module-option name="baseFilter">(sAMAccountName={0})</module-option>
            <module-option name="stripDomainName">true</module-option>
            <module-option name="roleAttributeID">memberOf</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="roleNameAttributeID">cn</module-option>
            <module-option name="recurseRoles">true</module-option>
            <module-option name="searchScope">OBJECT_SCOPE</module-option>
          </login-module>
        </authentication>
      </application-policy>

       

      4. We are passing the following parameters to Java:

       

      -Djava.security.krb5.realm=DOMAIN.COM -Djava.security.krb5.kdc=kdc.domain.com -Djava.security.krb5.conf=/etc/krb5.conf -Dsun.security.krb5.debug=true

       

      5. Log file looks like this:

       

      2013-08-09 11:31:54,924 TRACE [org.jboss.security.SecurityRolesAssociation] (http-serverIP-8080-11) Setting threadlocal:{}

      2013-08-09 11:31:54,925 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] (http-serverIP-8080-11) Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]

      2013-08-09 11:31:54,925 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-11) Authenticating user

      2013-08-09 11:31:54,925 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-11) Header - null

      2013-08-09 11:31:54,925 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-11) No Authorization Header, sending 401

      2013-08-09 11:31:54,925 TRACE [org.jboss.security.SecurityAssociation] (http-serverIP-8080-11) clear, server=true

      2013-08-09 11:31:54,925 TRACE [org.jboss.security.SecurityRolesAssociation] (http-serverIP-8080-11) Setting threadlocal:null

      2013-08-09 11:31:54,925 TRACE [org.jboss.security.SecurityRolesAssociation] (http-serverIP-8080-11) Setting threadlocal:null

      2013-08-09 11:31:54,939 TRACE [org.jboss.security.SecurityRolesAssociation] (http-serverIP-8080-11) Setting threadlocal:{}

      2013-08-09 11:31:54,939 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] (http-serverIP-8080-11) Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]

      2013-08-09 11:31:54,940 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-11) Authenticating user

      2013-08-09 11:31:54,940 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-11) Header - Negotiate YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAACoTO/eJugb/imQuz4yyJIAVauv4sP4y18NFVhvUt466JJcwxcQrvJHrSZ1peD6cTQAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo=

      2013-08-09 11:31:54,940 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] (http-serverIP-8080-11) YIGeBgYrBgEFBQKggZMwgZCgGjAYBgorBgEEAYI3AgIeBgorBgEEAYI3AgIKonIEcE5FR09FWFRTAAAAAAAAAABgAAAAcAAAACoTO/eJugb/imQuz4yyJIAVauv4sP4y18NFVhvUt466JJcwxcQrvJHrSZ1peD6cTQAAAAAAAAAAYAAAAAEAAAAAAAAAAAAAAEVyfDIyRYtIv9kqa6BepAo=

      2013-08-09 11:31:54,940 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] (http-serverIP-8080-11)  0x60 0x81 0x9e 0x06 0x06 0x2b 0x06 0x01 0x05 0x05 0x02 0xa0 0x81 0x93 0x30 0x81 0x90 0xa0 0x1a 0x30 0x18 0x06 0x0a 0x2b 0x06 0x01 0x04 0x01 0x82 0x37 0x02 0x02 0x1e 0x06 0x0a 0x2b 0x06 0x01 0x04 0x01 0x82 0x37 0x02 0x02 0x0a 0xa2 0x72 0x04 0x70 0x4e 0x45 0x47 0x4f 0x45 0x58 0x54 0x53 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x60 0x00 0x00 0x00 0x70 0x00 0x00 0x00 0x2a 0x13 0x3b 0xf7 0x89 0xba 0x06 0xff 0x8a 0x64 0x2e 0xcf 0x8c 0xb2 0x24 0x80 0x15 0x6a 0xeb 0xf8 0xb0 0xfe 0x32 0xd7 0xc3 0x45 0x56 0x1b 0xd4 0xb7 0x8e 0xba 0x24 0x97 0x30 0xc5 0xc4 0x2b 0xbc 0x91 0xeb 0x49 0x9d 0x69 0x78 0x3e 0x9c 0x4d 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x60 0x00 0x00 0x00 0x01 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x45 0x72 0x7c 0x32 0x32 0x45 0x8b 0x48 0xbf 0xd9 0x2a 0x6b 0xa0 0x5e 0xa4 0x0a

      2013-08-09 11:31:54,940 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-11) Creating new NegotiationContext

      2013-08-09 11:31:54,940 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-serverIP-8080-11) associate 1630142211

      2013-08-09 11:31:54,941 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-serverIP-8080-11) Begin isValid, principal:24C714DD49C3A6FCB38FFB71BE95A2C6.node_5, cache info: null

      2013-08-09 11:31:54,941 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-serverIP-8080-11) defaultLogin, principal=24C714DD49C3A6FCB38FFB71BE95A2C6.node_5

      2013-08-09 11:31:54,941 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-serverIP-8080-11) Begin getAppConfigurationEntry(SPNEGO), size=14

      2013-08-09 11:31:54,941 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-serverIP-8080-11) End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:

      [0]

      LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule

      ControlFlag: LoginModuleControlFlag: requisite

      Options:

      name=serverSecurityDomain, value=host

      name=password-stacking, value=useFirstPass

      [1]

      LoginModule Class: org.jboss.security.negotiation.AdvancedLdapLoginModule

      ControlFlag: LoginModuleControlFlag: required

      Options:

      name=bindAuthentication, value=GSSAPI

      name=baseFilter, value=(sAMAccountName={0})

      name=jaasSecurityDomain, value=host

      name=stripDomainName, value=true

      name=java.naming.provider.url, value=ldap://ldapserver:389

      name=recurseRoles, value=true

      name=roleNameAttributeID, value=cn

      name=roleAttributeIsDN, value=true

      name=baseCtxDN, value=OU=PL,OU=Users,DC=domain,DC=com

      name=searchScope, value=OBJECT_SCOPE

      name=roleAttributeID, value=memberOf

      name=password-stacking, value=useFirstPass

       

      2013-08-09 11:31:54,941 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-11) initialize

      2013-08-09 11:31:54,941 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-11) Security domain: SPNEGO

      2013-08-09 11:31:54,941 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-11) serverSecurityDomain=host

      2013-08-09 11:31:54,941 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-11) login

      2013-08-09 11:31:54,941 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-serverIP-8080-11) Begin getAppConfigurationEntry(host), size=14

      2013-08-09 11:31:54,941 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-serverIP-8080-11) End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:

      [0]

      LoginModule Class: com.sun.security.auth.module.Krb5LoginModule

      ControlFlag: LoginModuleControlFlag: required

      Options:

      name=principal, value=principal@DOMAIN.COM

      name=useKeyTab, value=true

      name=storeKey, value=true

      name=keyTab, value=/home/user/file.keytab

      name=debug, value=true

      name=doNotPrompt, value=true

       

      2013-08-09 11:31:54,941 INFO  [STDOUT] (http-serverIP-8080-11) Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /home/user/file.keytab refreshKrb5Config is false principal is principal@DOMAIN.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false

      2013-08-09 11:31:54,941 INFO  [STDOUT] (http-serverIP-8080-11) KeyTab instance already exists

      2013-08-09 11:31:54,941 INFO  [STDOUT] (http-serverIP-8080-11) Added key: 23version: 5

      2013-08-09 11:31:54,941 INFO  [STDOUT] (http-serverIP-8080-11) Ordering keys wrt default_tkt_enctypes list

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11) default etypes for default_tkt_enctypes:

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11)  17

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11)  23

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11)  16

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11)  3

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11)  1

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11) .

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11) 0: EncryptionKey: keyType=23 kvno=5 keyValue (hex dump)=

      0000: 62 9E AB ED 98 3C 20 2D   D6 F4 8B 0F 0E 5A A6 78  b....< -.....Z.x

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11) principal's key obtained from the keytab

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11) Acquire TGT using AS Exchange

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11) default etypes for default_tkt_enctypes:

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11)  17

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11)  23

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11)  16

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11)  3

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11)  1

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11) .

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11) >>> KrbAsReq calling createMessage

      2013-08-09 11:31:54,942 INFO  [STDOUT] (http-serverIP-8080-11) >>> KrbAsReq in createMessage

      2013-08-09 11:31:54,943 INFO  [STDOUT] (http-serverIP-8080-11) >>> KrbKdcReq send: kdc=kdc.domain.com UDP:88, timeout=30000, number of retries =3, #bytes=152

      2013-08-09 11:31:54,943 INFO  [STDOUT] (http-serverIP-8080-11) >>> KDCCommunication: kdc=kdc.domain.com UDP:88, timeout=30000,Attempt =1, #bytes=152

      2013-08-09 11:31:54,946 INFO  [STDOUT] (http-serverIP-8080-11) >>> KrbKdcReq send: #bytes read=601

      2013-08-09 11:31:54,946 INFO  [STDOUT] (http-serverIP-8080-11) >>> KrbKdcReq send: #bytes read=601

      2013-08-09 11:31:54,947 INFO  [STDOUT] (http-serverIP-8080-11) >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType

      2013-08-09 11:31:54,947 INFO  [STDOUT] (http-serverIP-8080-11) >>> KrbAsRep cons in KrbAsReq.getReply HTTP/hostname.domain.com

      2013-08-09 11:31:54,947 INFO  [STDOUT] (http-serverIP-8080-11) principal is principal@DOMAIN.COM

      2013-08-09 11:31:54,947 INFO  [STDOUT] (http-serverIP-8080-11) EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 62 9E AB ED 98 3C 20 2D   D6 F4 8B 0F 0E 5A A6 78  b....< -.....Z.x

      2013-08-09 11:31:54,948 INFO  [STDOUT] (http-serverIP-8080-11) Added server's keyKerberos Principal principal@DOMAIN.COMKey Version 5key EncryptionKey: keyType=23 keyBytes (hex dump)=

      0000: 62 9E AB ED 98 3C 20 2D   D6 F4 8B 0F 0E 5A A6 78  b....< -.....Z.x

      2013-08-09 11:31:54,948 INFO  [STDOUT] (http-serverIP-8080-11)         [Krb5LoginModule] added Krb5Principal  principal@DOMAIN.COM to Subject

      2013-08-09 11:31:54,948 INFO  [STDOUT] (http-serverIP-8080-11) Commit Succeeded

      2013-08-09 11:31:54,950 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-11) Subject = Subject:

          Principal: principal@DOMAIN.COM

          Private Credential: Ticket (hex) =


       

      Client Principal = principal@DOMAIN.COM

      Server Principal = krbtgt/DOMAIN.COM@DOMAIN.COM

      Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=

      0000: 00 45 E9 49 ED 1E 81 DF   51 0F A5 B1 24 78 52 CB  .E.I....Q...$xR.

       

       

      Forwardable Ticket false

      Forwarded Ticket false

      Proxiable Ticket false

      Proxy Ticket false

      Postdated Ticket false

      Renewable Ticket false

      Initial Ticket false

      Auth Time = Fri Aug 09 11:31:54 CEST 2013

      Start Time = Fri Aug 09 11:31:54 CEST 2013

      End Time = Fri Aug 09 21:31:54 CEST 2013

      Renew Till = null

      Client Addresses  Null

          Private Credential: Kerberos Principal principal@DOMAIN.COMKey Version 5key EncryptionKey: keyType=23 keyBytes (hex dump)=

      0000: 62 9E AB ED 98 3C 20 2D   D6 F4 8B 0F 0E 5A A6 78  b....< -.....Z.x

       

       

       

      2013-08-09 11:31:54,950 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-11) Logged in 'host' LoginContext

      2013-08-09 11:31:54,950 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-11) Result - false

      2013-08-09 11:31:54,950 INFO  [STDOUT] (http-serverIP-8080-11)         [Krb5LoginModule]: Entering logout

      2013-08-09 11:31:54,950 INFO  [STDOUT] (http-serverIP-8080-11)         [Krb5LoginModule]: logged out Subject

      2013-08-09 11:31:54,950 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-11) super.loginOk false

      2013-08-09 11:31:54,950 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-11) abort

      2013-08-09 11:31:54,950 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-11) initialize

      2013-08-09 11:31:54,950 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-11) Security domain: SPNEGO

      2013-08-09 11:31:54,950 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-11) abort

      2013-08-09 11:31:54,950 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-serverIP-8080-11) Login failure

      javax.security.auth.login.LoginException: Continuation Required.

          at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:172)

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

          at java.lang.reflect.Method.invoke(Method.java:597)

          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)

          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)

          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)

          at java.security.AccessController.doPrivileged(Native Method)

          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

          at javax.security.auth.login.LoginContext.login(LoginContext.java:579)

          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)

          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)

          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)

          at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)

          at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:399)

          at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)

          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)

          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)

          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)

          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)

          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)

          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)

          at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:905)

          at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:592)

          at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:2036)

          at java.lang.Thread.run(Thread.java:619)

      2013-08-09 11:31:54,950 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-serverIP-8080-11) End isValid, false

      2013-08-09 11:31:54,950 TRACE [org.jboss.security.negotiation.common.MessageTrace.Response.Base64] (http-serverIP-8080-11) oQcwBaADCgEC

      2013-08-09 11:31:54,952 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-serverIP-8080-11) clear 1630142211

      2013-08-09 11:31:54,952 TRACE [org.jboss.security.SecurityAssociation] (http-serverIP-8080-11) clear, server=true

      2013-08-09 11:31:54,952 TRACE [org.jboss.security.SecurityRolesAssociation] (http-serverIP-8080-11) Setting threadlocal:null

      2013-08-09 11:31:54,952 TRACE [org.jboss.security.SecurityRolesAssociation] (http-serverIP-8080-11) Setting threadlocal:null

       

      The only 'exception' is javax.security.auth.login.LoginException: Continuation Required, which is maybe not really an exception but part of the standard authentication process.

      I've tried using Wireshark to see what goes on behind the scenes and track down any warnings/errors. There's probably something similar: negResult: accept-incomplete (1).

      Nothing more.

      If you need any other parts of our configuration - and probably you do - please let me know.

       

       

      EDIT:

      One more log, this time from our application. As you can see, at the end it (goes?) to LDAP. There are no exceptions in the log file.

       

      2013-08-09 15:14:21,260 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-3) Authenticating user

      2013-08-09 15:14:21,260 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-3) Header - null

      2013-08-09 15:14:21,260 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-3) No Authorization Header, sending 401

      2013-08-09 15:14:21,274 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-3) Authenticating user

      2013-08-09 15:14:21,274 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-3) Header - Negotiate

      2013-08-09 15:14:21,276 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-3) Creating new NegotiationContext

      2013-08-09 15:14:21,276 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-serverIP-8080-3) associate 925390004

      2013-08-09 15:14:21,277 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) initialize

      2013-08-09 15:14:21,277 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) Security domain: SPNEGO

      2013-08-09 15:14:21,277 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) serverSecurityDomain=host

      2013-08-09 15:14:21,277 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) login

      2013-08-09 15:14:21,298 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) Subject = Subject:

          Principal: principal@DOMAIN.COM

          Private Credential: Ticket (hex) =


       

      Client Principal = principal@DOMAIN.COM

      Server Principal = krbtgt/DOMAIN.COM@DOMAIN.COM

      Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=

      0000: 40 77 D6 54 C6 31 AA CF   35 1D ED F7 E0 43 11 C9  @w.T.1..5....C..

       

       

      Forwardable Ticket false

      Forwarded Ticket false

      Proxiable Ticket false

      Proxy Ticket false

      Postdated Ticket false

      Renewable Ticket false

      Initial Ticket false

      Auth Time = Fri Aug 09 15:14:24 CEST 2013

      Start Time = Fri Aug 09 15:14:24 CEST 2013

      End Time = Sat Aug 10 01:14:24 CEST 2013

      Renew Till = null

      Client Addresses  Null

          Private Credential: Kerberos Principal principal@DOMAIN.COMKey Version 5key EncryptionKey: keyType=23 keyBytes (hex dump)=

      0000: 62 9E AB ED 98 3C 20 2D   D6 F4 8B 0F 0E 5A A6 78  b....< -.....Z.x

       

       

       

      2013-08-09 15:14:21,298 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) Logged in 'host' LoginContext

      2013-08-09 15:14:21,298 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) Result - false

      2013-08-09 15:14:21,299 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) super.loginOk false

      2013-08-09 15:14:21,299 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) abort

      2013-08-09 15:14:21,299 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) initialize

      2013-08-09 15:14:21,299 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) Security domain: SPNEGO

      2013-08-09 15:14:21,299 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) abort

      2013-08-09 15:14:21,299 TRACE [org.jboss.security.negotiation.common.MessageTrace.Response.Base64] (http-serverIP-8080-3) oRQwEqADCgEBoQsGCSqGSIb3EgECAg==

      2013-08-09 15:14:21,299 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-serverIP-8080-3) clear 925390004

      2013-08-09 15:14:21,328 DEBUG [org.jboss.messaging.core.impl.OrderingGroupMonitor] (Thread-31) message doesn't have group prop, fine by me

      2013-08-09 15:14:21,333 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-3) Authenticating user

      2013-08-09 15:14:21,333 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-serverIP-8080-3) Header - Negotiate

      2013-08-09 15:14:21,335 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-serverIP-8080-3) associate 925390004

      2013-08-09 15:14:21,337 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) initialize

      2013-08-09 15:14:21,338 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) Security domain: SPNEGO

      2013-08-09 15:14:21,338 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) serverSecurityDomain=host

      2013-08-09 15:14:21,338 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) login

      2013-08-09 15:14:21,348 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) Subject = Subject:

          Principal: principal@DOMAIN.COM

          Private Credential: Ticket (hex) =


       

      Client Principal = principal@DOMAIN.COM

      Server Principal = krbtgt/DOMAIN.COM@DOMAIN.COM

      Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=

      0000: 36 B4 9C 9A 3C D7 F8 59   F9 F8 C9 87 F5 E3 1D D5  6...<..Y........

       

       

      Forwardable Ticket false

      Forwarded Ticket false

      Proxiable Ticket false

      Proxy Ticket false

      Postdated Ticket false

      Renewable Ticket false

      Initial Ticket false

      Auth Time = Fri Aug 09 15:14:25 CEST 2013

      Start Time = Fri Aug 09 15:14:25 CEST 2013

      End Time = Sat Aug 10 01:14:25 CEST 2013

      Renew Till = null

      Client Addresses  Null

          Private Credential: Kerberos Principal principal@DOMAIN.COMKey Version 5key EncryptionKey: keyType=23 keyBytes (hex dump)=

      0000: 62 9E AB ED 98 3C 20 2D   D6 F4 8B 0F 0E 5A A6 78  b....< -.....Z.x

       

       

       

      2013-08-09 15:14:21,348 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) Logged in 'host' LoginContext

      2013-08-09 15:14:21,348 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) Creating new GSSContext.

      2013-08-09 15:14:21,353 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) context.getCredDelegState() = false

      2013-08-09 15:14:21,353 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) context.getMutualAuthState() = true

      2013-08-09 15:14:21,353 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) context.getSrcName() = n0100106@DOMAIN.COM

      2013-08-09 15:14:21,353 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) Result - true

      2013-08-09 15:14:21,353 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) Storing username 'n0100106@DOMAIN.COM' and empty password

      2013-08-09 15:14:21,353 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) super.loginOk true

      2013-08-09 15:14:21,353 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) initialize

      2013-08-09 15:14:21,353 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) Security domain: SPNEGO

      2013-08-09 15:14:21,353 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) Using GSSAPI to connect to LDAP

      2013-08-09 15:14:21,364 DEBUG [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) Subject = Subject:

          Principal: principal@DOMAIN.COM

          Private Credential: Ticket (hex) =


       

      Client Principal = principal@DOMAIN.COM

      Server Principal = krbtgt/DOMAIN.COM@DOMAIN.COM

      Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=

      0000: EA 04 83 68 10 C6 21 AB   0C 07 84 AA 01 02 09 5D  ...h..!........]

       

       

      Forwardable Ticket false

      Forwarded Ticket false

      Proxiable Ticket false

      Proxy Ticket false

      Postdated Ticket false

      Renewable Ticket false

      Initial Ticket false

      Auth Time = Fri Aug 09 15:14:25 CEST 2013

      Start Time = Fri Aug 09 15:14:25 CEST 2013

      End Time = Sat Aug 10 01:14:25 CEST 2013

      Renew Till = null

      Client Addresses  Null

          Private Credential: Kerberos Principal principal@DOMAIN.COMKey Version 5key EncryptionKey: keyType=23 keyBytes (hex dump)=

      0000: 62 9E AB ED 98 3C 20 2D   D6 F4 8B 0F 0E 5A A6 78  b....< -.....Z.x

       

       

       

      2013-08-09 15:14:21,364 DEBUG [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) Logged in 'javax.security.auth.login.LoginContext@38eaf4b2' LoginContext

      2013-08-09 15:14:21,364 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) login

      2013-08-09 15:14:21,364 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) Identity - UserName@DOMAIN.COM

      2013-08-09 15:14:21,364 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleNameAttributeID=cn, searchScope=OBJECT_SCOPE, password-stacking=useFirstPass, baseCtxDN=OU=PL,OU=Users,DC=domain,DC=com, roleAttributeID=memberOf, baseFilter=(sAMAccountName={0}), jboss.security.security_domain=SPNEGO, bindAuthentication=GSSAPI, java.naming.provider.url=ldap://ldapserver:389, stripDomainName=true, roleAttributeIsDN=true, jaasSecurityDomain=host, java.naming.security.authentication=GSSAPI, recurseRoles=true}

      2013-08-09 15:14:21,402 DEBUG [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) Obtained LdapContext

      2013-08-09 15:14:21,430 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) abort

      2013-08-09 15:14:21,430 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) abort

      2013-08-09 15:14:21,430 TRACE [org.jboss.security.negotiation.common.MessageTrace.Response.Base64] (http-serverIP-8080-3) oW0wa6JpBGdgZQYJKoZIhvcSAQICAgBvVjBUoAMCAQWhAwIBD6JIMEagAwIBF6I/BD0Iht0C9r36

      dmNo0X0LfRpr4/nK7ZD/m7pNkh35jcTAjy4dKwJMqy6qOymNTPRF13FwUErrG41EtMDrk60g

      2013-08-09 15:14:21,430 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-serverIP-8080-3) clear 925390004

      Regards

        • 1. Re: Problem with SPNEGO/Kerberos
          apph_

          I suspect it might have something to do with user retrieval from LDAP. The log is:

           

          Identity - UserName@DOMAIN.COM

          2013-08-09 15:14:21,364 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleNameAttributeID=cn, searchScope=OBJECT_SCOPE, password-stacking=useFirstPass, baseCtxDN=OU=PL,OU=Users,DC=domain,DC=com, roleAttributeID=memberOf, baseFilter=(sAMAccountName={0}), jboss.security.security_domain=SPNEGO, bindAuthentication=GSSAPI, java.naming.provider.url=ldap://ldapserver:389, stripDomainName=true, roleAttributeIsDN=true, jaasSecurityDomain=host, java.naming.security.authentication=GSSAPI, recurseRoles=true}

          2013-08-09 15:14:21,402 DEBUG [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) Obtained LdapContext

          2013-08-09 15:14:21,430 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) abort

          2013-08-09 15:14:21,430 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-serverIP-8080-3) abort

           

           

           

           

          So the LDAP context was created, which is kind of weird. But then 'abort' is logged. It's a method from AbstractServerLoginModule. I think it is called because a LoginException was thrown in findUserDN in the AdvancedLdapLoginModule class, as there is this little line at the end of this method:

           

          this.log.trace("findUserDN - " + userDN);

           

          and it's not in my log file. The stripDomainName=true parameter is no longer there in EAP 5.1.2. So I have switched to baseFilter=(userPrincipalName={0}), but still no luck.

          • 2. Re: Problem with SPNEGO/Kerberos
            apph_

            OK, so all in all the solution was quite simple. It turns out that it was necessary to turn off 'Do not require Kerberos preauthentication'. It was not that easy to find because JBoss 'swallowed' the original exception and there was no exception in the log files. It was in:

             

            results = ctx.search(this.baseCtxDN, this.baseFilter, filterArgs, this.userSearchControls);

             

            in org.jboss.security.negotiation.AdvancedLdapLoginModule.findUserDN().

             

            2013-08-13 16:51:38,552 DEBUG [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-10.81.129.177-8080-1) Obtained LdapContext

            2013-08-13 16:51:38,557 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-10.81.129.177-8080-1)

            javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, veceun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)

                at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)

                at org.jboss.security.negotiation.AdvancedLdapLoginModule.findUserDN(AdvancedLdapLoginModule.java:391)

                at org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:236)

                at org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:629)

                at java.security.AccessController.doPrivileged(Native Method)

                at javax.security.auth.Subject.doAs(Subject.java:337)

                at org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:175)

                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

                at java.lang.reflect.Method.invoke(Method.java:597)

                at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)

                at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)

                at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)

                at java.security.AccessController.doPrivileged(Native Method)

                at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

                at javax.security.auth.login.LoginContext.login(LoginContext.java:579)

                at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)

                at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)

                at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)

                at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)

                at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:399)

                at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)

                at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)

                at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)

                at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

                at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74)

                at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)

                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)

                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599)

                at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)

                at java.lang.Thread.run(Thread.java:662)

            2013-08-13 16:51:38,560 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-10.81.129.177-8080-1) abort

            2013-08-13 16:51:38,560 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-10.81.129.177-8080-1) abort
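
The diagnosis worked out in replies 1 and 2 (an LdapContext is obtained, then `abort` follows with no `findUserDN - ` trace in between) can be checked mechanically over a server log. The script below is an added example, not part of the original posts or of JBoss Negotiation; the function name, the log-line regex and the successful sample attempt are assumptions made for illustration.

```python
import re

# Layout seen in the thread: "<date> <time> LEVEL [category] (thread) message"
LINE = re.compile(r"^(\S+ \S+) (\w+)\s+\[([^\]]+)\] \(([^)]+)\) ?(.*)$")
LDAP = "org.jboss.security.negotiation.AdvancedLdapLoginModule"
LDAP_ERR = re.compile(r"LDAP: error code (\d+) - .*?comment: ([^,]+)")

def find_silent_ldap_failures(lines):
    """Report attempts that obtained an LdapContext, then aborted without
    ever logging the 'findUserDN - ' trace (i.e. the search itself failed)."""
    pending, findings, current = {}, [], None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            # Continuation line (exception text or stack frame): keep any LDAP error.
            err = LDAP_ERR.search(raw)
            if err and current in pending:
                pending[current]["ldap_error"] = (int(err.group(1)), err.group(2).strip())
            continue
        ts, _level, category, thread, msg = m.groups()
        current = thread
        if category != LDAP:
            continue
        if msg.startswith("Obtained LdapContext"):
            pending[thread] = {"thread": thread, "context_at": ts, "ldap_error": None}
        elif msg.startswith("findUserDN - "):
            pending.pop(thread, None)  # search returned a DN: healthy attempt
        elif msg == "abort" and thread in pending:
            findings.append(dict(pending.pop(thread), abort_at=ts))
    return findings

# Sample input: lines abridged from the logs in this thread, plus one constructed
# successful attempt (thread http-example-8080-9, DN invented) for contrast.
SAMPLE = """\
2013-08-09 15:14:21,402 DEBUG [{L}] (http-serverIP-8080-3) Obtained LdapContext
2013-08-09 15:14:21,430 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-serverIP-8080-3) abort
2013-08-09 15:14:21,430 TRACE [{L}] (http-serverIP-8080-3) abort
2013-08-13 16:51:38,552 DEBUG [{L}] (http-10.81.129.177-8080-1) Obtained LdapContext
2013-08-13 16:51:38,557 TRACE [{L}] (http-10.81.129.177-8080-1)
javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0
    at org.jboss.security.negotiation.AdvancedLdapLoginModule.findUserDN(AdvancedLdapLoginModule.java:391)
2013-08-13 16:51:38,560 TRACE [{L}] (http-10.81.129.177-8080-1) abort
2013-08-14 09:00:00,000 DEBUG [{L}] (http-example-8080-9) Obtained LdapContext
2013-08-14 09:00:00,020 TRACE [{L}] (http-example-8080-9) findUserDN - CN=Example User,OU=PL,OU=Users,DC=domain,DC=com
""".format(L=LDAP).splitlines()

if __name__ == "__main__":
    for f in find_silent_ldap_failures(SAMPLE):
        print(f["abort_at"], f["thread"], f["ldap_error"] or "no exception logged")
```

A finding with no `ldap_error` corresponds to the first log in the thread, where the exception was swallowed; the second finding carries the LDAP error that eventually surfaced.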