Kerberos authentication with browsers
Hi,
I'm new to JBOSS and kerberos.
By following steps in https://developer.jboss.org/wiki/HowToImplementKerberosAuthenticationWithASimpleRESTWebApp i have implemented kerberos with JBOSS server. It is working fine with curl command as http://primary.example.com:28080/CounterWebApp/ Im trying to use browser to get same result. Initially i have tried with firefox. But i was getting following exception as follows.
####[2017-10-23 19:21:44,273] TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-executor-threads - 23) Authenticating user
####[2017-10-23 19:21:44,273] DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-executor-threads - 23) Header - null
####[2017-10-23 19:21:44,273] DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-executor-threads - 23) No Authorization Header, initiating negotiation
####[2017-10-23 19:21:44,273] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000354: Setting security roles ThreadLocal: null
####[2017-10-23 19:21:44,280] TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-executor-threads - 23) Authenticating user
####[2017-10-23 19:21:44,280] DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-executor-threads - 23) Header - Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
####[2017-10-23 19:21:44,280] TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] (http-executor-threads - 23) TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
####[2017-10-23 19:21:44,280] TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] (http-executor-threads - 23) 0x4e 0x54 0x4c 0x4d 0x53 0x53 0x50 0x00 0x01 0x00 0x00 0x00 0x97 0x82 0x08 0xe2 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x06 0x01 0xb1 0x1d 0x00 0x00 0x00 0x0f
####[2017-10-23 19:21:44,280] TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-executor-threads - 23) associate 1552217786
####[2017-10-23 19:21:44,280] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000200: Begin isValid, principal: wCiiZOqfrHJ7aGX7xGi1YKOR_1508779230593, cache entry: null
####[2017-10-23 19:21:44,280] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000209: defaultLogin, principal: wCiiZOqfrHJ7aGX7xGi1YKOR_1508779230593
####[2017-10-23 19:21:44,281] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000221: Begin getAppConfigurationEntry(EXAMPLE.COM), size: 5
####[2017-10-23 19:21:44,281] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000224: End getAppConfigurationEntry(EXAMPLE.COM), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
ControlFlag: LoginModuleControlFlag: requisite
Options:
name=serverSecurityDomain, value=host
name=password-stacking, value=useFirstPass
[1]
LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
ControlFlag: LoginModuleControlFlag: requisite
Options:
name=usersProperties, value=FILE:/var/lib/jboss/domains/DP-SDE-JBOSS_sde/configuration/application-users.properties
name=defaultUsersProperties, value=FILE:/var/lib/jboss/domains/DP-SDE-JBOSS_sde/configuration/application-users.properties
name=rolesProperties, value=FILE:/var/lib/jboss/domains/DP-SDE-JBOSS_sde/configuration/application-roles.properties
name=defaultRolesProperties, value=FILE:/var/lib/jboss/domains/DP-SDE-JBOSS_sde/configuration/application-roles.properties
name=password-stacking, value=useFirstPass
[2]
LoginModule Class: org.jboss.security.auth.spi.RoleMappingLoginModule
ControlFlag: LoginModuleControlFlag: optional
Options:
name=rolesProperties, value=FILE:/var/lib/jboss/domains/DP-SDE-JBOSS_sde/configuration/application-roles.properties
####[2017-10-23 19:21:44,281] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000236: Begin initialize method
####[2017-10-23 19:21:44,281] DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-executor-threads - 23) removeRealmFromPrincipal=false
####[2017-10-23 19:21:44,281] DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-executor-threads - 23) serverSecurityDomain=host
####[2017-10-23 19:21:44,281] DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-executor-threads - 23) usernamePasswordDomain=null
####[2017-10-23 19:21:44,281] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000240: Begin login method
####[2017-10-23 19:21:44,281] WARN [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-executor-threads - 23) Unsupported negotiation mechanism 'NTLM'.
####[2017-10-23 19:21:44,282] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000244: Begin abort method
####[2017-10-23 19:21:44,282] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000236: Begin initialize method
####[2017-10-23 19:21:44,283] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000288: Properties file FILE:/var/lib/jboss/domains/DP-SDE-JBOSS_sde/configuration/application-users.properties loaded, users: [HTTP/primary.example.com@EXAMPLE.COM, rareddy@EXAMPLE.COM]
####[2017-10-23 19:21:44,283] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000288: Properties file FILE:/var/lib/jboss/domains/DP-SDE-JBOSS_sde/configuration/application-users.properties loaded, users: [HTTP/primary.example.com@EXAMPLE.COM, rareddy@EXAMPLE.COM]
####[2017-10-23 19:21:44,283] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000288: Properties file FILE:/var/lib/jboss/domains/DP-SDE-JBOSS_sde/configuration/application-roles.properties loaded, users: [HTTP/primary.example.com@EXAMPLE.COM, rareddy@EXAMPLE.COM]
####[2017-10-23 19:21:44,284] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000288: Properties file FILE:/var/lib/jboss/domains/DP-SDE-JBOSS_sde/configuration/application-roles.properties loaded, users: [HTTP/primary.example.com@EXAMPLE.COM, rareddy@EXAMPLE.COM]
####[2017-10-23 19:21:44,284] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000244: Begin abort method
####[2017-10-23 19:21:44,284] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000236: Begin initialize method
####[2017-10-23 19:21:44,284] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000244: Begin abort method
####[2017-10-23 19:21:44,284] DEBUG [org.jboss.security] (http-executor-threads - 23) PBOX000206: Login failure: javax.security.auth.login.LoginException: Unsupported negotiation mechanism 'NTLM'.
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.spnegoLogin(SPNEGOLoginModule.java:261) [jboss-negotiation-spnego-2.3.12.Final-redhat-1.jar:2.3.12.Final-redhat-1]
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.innerLogin(SPNEGOLoginModule.java:210) [jboss-negotiation-spnego-2.3.12.Final-redhat-1.jar:2.3.12.Final-redhat-1]
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:145) [jboss-negotiation-spnego-2.3.12.Final-redhat-1.jar:2.3.12.Final-redhat-1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_131]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_131]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_131]
at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_131]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_131]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_131]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_131]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_131]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_131]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_131]
at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_131]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:399) [picketbox-infinispan-4.1.3.Final-redhat-1.jar:4.1.3.Final-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:338) [picketbox-infinispan-4.1.3.Final-redhat-1.jar:4.1.3.Final-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:326) [picketbox-infinispan-4.1.3.Final-redhat-1.jar:4.1.3.Final-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:142) [picketbox-infinispan-4.1.3.Final-redhat-1.jar:4.1.3.Final-redhat-1]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:217) [jboss-as-web-7.5.13.Final-redhat-2.jar:7.5.13.Final-redhat-2]
at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:276) [jboss-negotiation-common-2.3.12.Final-redhat-1.jar:2.3.12.Final-redhat-1]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [jbossweb-7.5.20.Final-redhat-1.jar:7.5.20.Final-redhat-1]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.13.Final-redhat-2.jar:7.5.13.Final-redhat-2]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.20.Final-redhat-1.jar:7.5.20.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.20.Final-redhat-1.jar:7.5.20.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.20.Final-redhat-1.jar:7.5.20.Final-redhat-1]
at com.ericsson.container.clb.proxy.http.util.ClbHttpValve.invoke(ClbHttpValve.java:39)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.20.Final-redhat-1.jar:7.5.20.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.20.Final-redhat-1.jar:7.5.20.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:656) [jbossweb-7.5.20.Final-redhat-1.jar:7.5.20.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:511) [jbossweb-7.5.20.Final-redhat-1.jar:7.5.20.Final-redhat-1]
at org.jboss.threads.SimpleDirectExecutor.execute(SimpleDirectExecutor.java:33)
at org.jboss.threads.QueueExecutor.runTask(QueueExecutor.java:808)
at org.jboss.threads.QueueExecutor.access$100(QueueExecutor.java:45)
at org.jboss.threads.QueueExecutor$Worker.run(QueueExecutor.java:849)
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_131]
at org.jboss.threads.JBossThread.run(JBossThread.java:122)
####[2017-10-23 19:21:44,286] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000201: End isValid, result = false
####[2017-10-23 19:21:44,286] TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-executor-threads - 23) clear 1552217786
####[2017-10-23 19:21:44,286] DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-executor-threads - 23) SPNEGO based authentication failed...initiating negotiation
####[2017-10-23 19:21:44,286] TRACE [org.jboss.security] (http-executor-threads - 23) PBOX000354: Setting security roles ThreadLocal: null
Please help me to solve this issue. It is urgent. Thanks in advance
Regards
Saravanan
