0 Replies Latest reply on Sep 9, 2015 5:15 AM by svadaviya

    How to make SOAP web service call to application  deployed on SSO SPNEGO enabled Jboss 6.0.0.final ?


      Hi All I have configured SSO SPNEGO on Jboss and on application which is deployed on server is also configured to use SSO authentication method. SSO works fine and uses users credentials(username, password and domain) provided at the time of accessing machine to get authenticate against Active directory server.

      I have attached login.conf and krb5.conf that i am using.



      But my problem is that when i make web service call to application Authentication fails.

      I am getting following error :


      default etypes for default_tkt_enctypes: 16.

      >>> KdcAccessibility: reset

      default etypes for default_tkt_enctypes: 16.

      >>> KrbAsReq calling createMessage

      >>> KrbAsReq in createMessage

      >>> KrbKdcReq send: kdc=hssad1899.hicnet.loc TCP:88, timeout=30000, number of retries =3, #bytes=129

      >>> KDCCommunication: kdc=hssad1899.hicnet.loc TCP:88, #bytes=129

      >>>DEBUG: TCPClient reading 132 bytes

      Exception in thread "main" javax.security.auth.login.LoginException: KDC has no support for encryption type (14)

          at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)

          at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

          at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

          at java.lang.reflect.Method.invoke(Unknown Source)

          at javax.security.auth.login.LoginContext.invoke(Unknown Source)

          at javax.security.auth.login.LoginContext.access$000(Unknown Source)

          at javax.security.auth.login.LoginContext$4.run(Unknown Source)

          at java.security.AccessController.doPrivileged(Native Method)

          at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)

          at javax.security.auth.login.LoginContext.login(Unknown Source)

          at net.sourceforge.spnego.SpnegoHttpURLConnection.<init>(SpnegoHttpURLConnection.java:251)

          at net.sourceforge.spnego.SpnegoSOAPConnection.<init>(SpnegoSOAPConnection.java:160)

          at com.spnego.webservice.ExampleSpnegoSOAPClient.invoke(ExampleSpnegoSOAPClient.java:82)

          at com.spnego.webservice.SpnegoHelloClient.main(SpnegoHelloClient.java:58)

      Caused by: KrbException: KDC has no support for encryption type (14)

          at sun.security.krb5.KrbAsRep.<init>(Unknown Source)

          at sun.security.krb5.KrbAsReq.getReply(Unknown Source)

          at sun.security.krb5.Credentials.sendASRequest(Unknown Source)

          at sun.security.krb5.Credentials.acquireTGT(Unknown Source)

          ... 16 more

      Caused by: KrbException: Identifier doesn't match expected value (906)

          at sun.security.krb5.internal.KDCRep.init(Unknown Source)

          at sun.security.krb5.internal.ASRep.init(Unknown Source)

          at sun.security.krb5.internal.ASRep.<init>(Unknown Source)

          ... 20 more

      >>> KrbKdcReq send: #bytes read=132

      >>> KrbKdcReq send: #bytes read=132

      >>> KdcAccessibility: remove hssad1899.hicnet.loc

      >>> KDCRep: init() encoding tag is 126 req type is 11


           sTime is Wed Sep 09 14:38:35 IST 2015 1441789715000

           suSec is 640628

           error code is 14

           error Message is KDC has no support for encryption type

           realm is HICNET.LOC

           sname is krbtgt/HICNET.LOC

           eData provided.

           msgType is 30