I am trying to set up SPNEGO on EAP 6.4 and am seeing something in my logs that I think is weird. Why is my principal look like it is encrypted?
08:56:33,167 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-/0.0.0.0:8443-1) associate 279712080
08:56:33,167 TRACE [org.jboss.security] (http-/0.0.0.0:8443-1) PBOX000200: Begin isValid, principal: oGCoynHrjt8dBm6bqqADHQlD_1466427379620, cache entry: null
08:56:33,167 TRACE [org.jboss.security] (http-/0.0.0.0:8443-1) PBOX000209: defaultLogin, principal: oGCoynHrjt8dBm6bqqADHQlD_1466427379620
08:56:33,167 TRACE [org.jboss.security] (http-/0.0.0.0:8443-1) PBOX000221: Begin getAppConfigurationEntry(SPNEGO), size: 9
08:56:33,167 TRACE [org.jboss.security] (http-/0.0.0.0:8443-1) PBOX000224: End getAppConfigurationEntry(SPNEGO), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
ControlFlag: LoginModuleControlFlag: requisite
Options:
name=serverSecurityDomain, value=host
name=password-stacking, value=useFirstPass
From debugging NegotiationAuthenticator it seems username here is just some unique stuff
username = session.getId() + "_" + String.valueOf(System.currentTimeMillis());
If you want to see used username in log you can set system property -Dsun.security.krb5.debug=true