1 Reply Latest reply on Jun 20, 2016 2:22 PM by mchoma

    SPNEGO and EAP 6.4

    tmcginnis
    tmcginnis Jun 20, 2016 9:04 AM

      I am trying to set up SPNEGO on EAP 6.4 and am seeing something in my logs that I think is weird.  Why is my principal look like it is encrypted?

       

      08:56:33,167 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-/0.0.0.0:8443-1) associate 279712080

      08:56:33,167 TRACE [org.jboss.security] (http-/0.0.0.0:8443-1) PBOX000200: Begin isValid, principal: oGCoynHrjt8dBm6bqqADHQlD_1466427379620, cache entry: null

      08:56:33,167 TRACE [org.jboss.security] (http-/0.0.0.0:8443-1) PBOX000209: defaultLogin, principal: oGCoynHrjt8dBm6bqqADHQlD_1466427379620

      08:56:33,167 TRACE [org.jboss.security] (http-/0.0.0.0:8443-1) PBOX000221: Begin getAppConfigurationEntry(SPNEGO), size: 9

      08:56:33,167 TRACE [org.jboss.security] (http-/0.0.0.0:8443-1) PBOX000224: End getAppConfigurationEntry(SPNEGO), AuthInfo: AppConfigurationEntry[]:

      [0]

      LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule

      ControlFlag: LoginModuleControlFlag: requisite

      Options:

      name=serverSecurityDomain, value=host

      name=password-stacking, value=useFirstPass

      • 163 Views
      • Categories: Configure, Secure
      • Tags:
        • 1. Re: SPNEGO and EAP 6.4
          mchoma
          mchoma Jun 20, 2016 2:22 PM (in response to tmcginnis)

          From debugging NegotiationAuthenticator it seems username here is just some unique stuff

           

          username = session.getId() + "_" + String.valueOf(System.currentTimeMillis());

           

          If you want to see used username in log you can set system property -Dsun.security.krb5.debug=true

            • Actions