JBoss Spnego | Unsupported negotiation mechanism 'NTLM'
mohtisham Jul 12, 2012 1:17 AM
Dear All,
We have JBoss on a separate machine from AD. After following the JBoss Negotiation Guide, the provided Negotiation Testing Toolkit was able to test the domain successfully, but the basic & secured test was unsuccessful. The following exception is thrown:
2012-07-12 08:39:41,742 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (ajp-0.0.0.0-8409-3) Authenticating user
2012-07-12 08:39:41,742 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (ajp-0.0.0.0-8409-3) Header - Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
2012-07-12 08:39:41,761 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] (ajp-0.0.0.0-8409-3) TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
2012-07-12 08:39:41,767 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] (ajp-0.0.0.0-8409-3) 0x4e 0x54 0x4c 0x4d 0x53 0x53 0x50 0x00 0x01 0x00 0x00 0x00 0x97 0x82 0x08 0xe2 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x06 0x01 0xb1 0x1d 0x00 0x00 0x00 0x0f
2012-07-12 08:39:42,035 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (ajp-0.0.0.0-8409-3) Creating new NegotiationContext
2012-07-12 08:39:42,039 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (ajp-0.0.0.0-8409-3) associate 1211161939
2012-07-12 08:39:42,044 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (ajp-0.0.0.0-8409-3) Begin isValid, principal:F241A484D094B7243A72A31089B782F6.trkssit, cache info: null
2012-07-12 08:39:42,044 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (ajp-0.0.0.0-8409-3) defaultLogin, principal=F241A484D094B7243A72A31089B782F6.trkssit
2012-07-12 08:39:42,045 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (ajp-0.0.0.0-8409-3) Begin getAppConfigurationEntry(SPNEGO), size=14
2012-07-12 08:39:42,045 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (ajp-0.0.0.0-8409-3) End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
ControlFlag: LoginModuleControlFlag: requisite
Options:
name=serverSecurityDomain, value=host
name=password-stacking, value=useFirstPass
2012-07-12 08:39:42,062 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) initialize
2012-07-12 08:39:42,062 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) Security domain: SPNEGO
2012-07-12 08:39:42,062 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) serverSecurityDomain=host
2012-07-12 08:39:42,063 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) login
2012-07-12 08:39:42,067 WARN [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) Unsupported negotiation mechanism 'NTLM'.
2012-07-12 08:39:42,067 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) abort
2012-07-12 08:39:42,067 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (ajp-0.0.0.0-8409-3) Login failure
javax.security.auth.login.LoginException: Unsupported negotiation mechanism 'NTLM'.
    at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:122)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:616)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
    at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:399)
    at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
    at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:383)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:436)
    at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:384)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)
    at java.lang.Thread.run(Thread.java:636)
2012-07-12 08:39:42,072 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (ajp-0.0.0.0-8409-3) End isValid, false
2012-07-12 08:39:42,072 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (ajp-0.0.0.0-8409-3) clear 1211161939
2012-07-12 08:39:42,072 TRACE [org.jboss.security.SecurityAssociation] (ajp-0.0.0.0-8409-3) clear, server=true
2012-07-12 08:39:42,075 TRACE [org.jboss.security.SecurityRolesAssociation] (ajp-0.0.0.0-8409-3) Setting threadlocal:null
2012-07-12 08:39:42,075 TRACE [org.jboss.security.SecurityRolesAssociation] (ajp-0.0.0.0-8409-3) Setting threadlocal:null
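
The Negotiate token in the log above starts with the bytes 0x4e 0x54 0x4c 0x4d 0x53 0x53 0x50 0x00 ("NTLMSSP" plus a NUL), which is the signature of a raw NTLM message rather than a SPNEGO or Kerberos token. The following is an added diagnostic example, not part of the original post and not JBoss Negotiation code; it classifies a base64 Negotiate token by its leading bytes, and the function and constant names are hypothetical.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
NTLM_MESSAGE_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
# DER-encoded OID bodies for the GSS-API mechanisms of interest.
GSS_MECH_OIDS = {
    bytes.fromhex("2b0601050502"): "SPNEGO",          # 1.3.6.1.5.5.2
    bytes.fromhex("2a864886f712010202"): "Kerberos",  # 1.2.840.113554.1.2.2
}
# Token copied from the "Header - Negotiate ..." line in the log above.
TOKEN_FROM_LOG = "TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw=="


def classify_negotiate_token(token_b64):
    """Identify the mechanism carried by a base64 Negotiate token."""
    try:
        raw = base64.b64decode(token_b64.strip(), validate=True)
    except ValueError:
        return {"mechanism": "invalid-base64"}

    # Raw NTLM: 8-byte signature, then a little-endian uint32 message type.
    if raw.startswith(NTLMSSP_SIGNATURE) and len(raw) >= 12:
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        info = {"mechanism": "NTLM",
                "message_type": NTLM_MESSAGE_TYPES.get(msg_type, "UNKNOWN")}
        # In a type 1 message the negotiate flags follow at offset 12.
        if msg_type == 1 and len(raw) >= 16:
            (info["flags"],) = struct.unpack_from("<I", raw, 12)
        return info

    # GSS-API initial token: 0x60, DER length, then the mechanism OID.
    if len(raw) > 2 and raw[0] == 0x60:
        pos = 2 + (raw[1] & 0x7F if raw[1] & 0x80 else 0)
        if len(raw) > pos + 1 and raw[pos] == 0x06:
            oid = raw[pos + 2: pos + 2 + raw[pos + 1]]
            return {"mechanism": GSS_MECH_OIDS.get(oid, "unknown-gss-oid")}

    # SPNEGO follow-up messages (NegTokenResp) start with context tag 0xa1.
    if raw[:1] == b"\xa1":
        return {"mechanism": "SPNEGO", "message_type": "NegTokenResp"}
    return {"mechanism": "unknown"}


if __name__ == "__main__":
    print(classify_negotiate_token(TOKEN_FROM_LOG))
```

Run against the logged token, it reports an NTLM type 1 (NEGOTIATE) message, which matches the mechanism named in the SPNEGOLoginModule warning.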