3 Replies Latest reply on Jan 30, 2013 6:26 AM by Akshay Harale

    JBoss Spnego | Unsupported negotiation mechanism 'NTLM'

    Mohtisham Anwar Newbie

      Dear All,

      We have JBoss on a separate machine from AD. After following the JBoss Negotiation Guide the provided Negotiation Testing Toolkit was able to test the domain successfully. But basic & secured test was unsuccessful. Following exception is thrown:

       

      2012-07-12 08:39:41,742 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (ajp-0.0.0.0-8409-3) Authenticating user
      2012-07-12 08:39:41,742 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (ajp-0.0.0.0-8409-3) Authenticating user
      2012-07-12 08:39:41,742 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (ajp-0.0.0.0-8409-3) Header - Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
      2012-07-12 08:39:41,742 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (ajp-0.0.0.0-8409-3) Header - Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
      2012-07-12 08:39:41,761 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] (ajp-0.0.0.0-8409-3) TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
      2012-07-12 08:39:41,761 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] (ajp-0.0.0.0-8409-3) TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
      2012-07-12 08:39:41,767 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] (ajp-0.0.0.0-8409-3)  0x4e 0x54 0x4c 0x4d 0x53 0x53 0x50 0x00 0x01 0x00 0x00 0x00 0x97 0x82 0x08 0xe2 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x06 0x01 0xb1 0x1d 0x00 0x00 0x00 0x0f
      2012-07-12 08:39:41,767 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] (ajp-0.0.0.0-8409-3)  0x4e 0x54 0x4c 0x4d 0x53 0x53 0x50 0x00 0x01 0x00 0x00 0x00 0x97 0x82 0x08 0xe2 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x06 0x01 0xb1 0x1d 0x00 0x00 0x00 0x0f
      2012-07-12 08:39:42,035 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (ajp-0.0.0.0-8409-3) Creating new NegotiationContext
      2012-07-12 08:39:42,035 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (ajp-0.0.0.0-8409-3) Creating new NegotiationContext
      2012-07-12 08:39:42,039 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (ajp-0.0.0.0-8409-3) associate 1211161939
      2012-07-12 08:39:42,039 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (ajp-0.0.0.0-8409-3) associate 1211161939
      2012-07-12 08:39:42,044 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (ajp-0.0.0.0-8409-3) Begin isValid, principal:F241A484D094B7243A72A31089B782F6.trkssit, cache info: null
      2012-07-12 08:39:42,044 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (ajp-0.0.0.0-8409-3) Begin isValid, principal:F241A484D094B7243A72A31089B782F6.trkssit, cache info: null
      2012-07-12 08:39:42,044 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (ajp-0.0.0.0-8409-3) defaultLogin, principal=F241A484D094B7243A72A31089B782F6.trkssit
      2012-07-12 08:39:42,044 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (ajp-0.0.0.0-8409-3) defaultLogin, principal=F241A484D094B7243A72A31089B782F6.trkssit
      2012-07-12 08:39:42,045 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (ajp-0.0.0.0-8409-3) Begin getAppConfigurationEntry(SPNEGO), size=14
      2012-07-12 08:39:42,045 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (ajp-0.0.0.0-8409-3) Begin getAppConfigurationEntry(SPNEGO), size=14
      2012-07-12 08:39:42,045 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (ajp-0.0.0.0-8409-3) End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
      ControlFlag: LoginModuleControlFlag: requisite
      Options:
      name=serverSecurityDomain, value=host
      name=password-stacking, value=useFirstPass
      
      2012-07-12 08:39:42,045 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (ajp-0.0.0.0-8409-3) End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
      ControlFlag: LoginModuleControlFlag: requisite
      Options:
      name=serverSecurityDomain, value=host
      name=password-stacking, value=useFirstPass
      
      2012-07-12 08:39:42,062 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) initialize
      2012-07-12 08:39:42,062 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) initialize
      2012-07-12 08:39:42,062 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) Security domain: SPNEGO
      2012-07-12 08:39:42,062 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) Security domain: SPNEGO
      2012-07-12 08:39:42,062 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) serverSecurityDomain=host
      2012-07-12 08:39:42,062 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) serverSecurityDomain=host
      2012-07-12 08:39:42,063 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) login
      2012-07-12 08:39:42,063 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) login
      2012-07-12 08:39:42,067 WARN  [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) Unsupported negotiation mechanism 'NTLM'.
      2012-07-12 08:39:42,067 WARN  [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) Unsupported negotiation mechanism 'NTLM'.
      2012-07-12 08:39:42,067 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) abort
      2012-07-12 08:39:42,067 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (ajp-0.0.0.0-8409-3) abort
      2012-07-12 08:39:42,067 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (ajp-0.0.0.0-8409-3) Login failure
      javax.security.auth.login.LoginException: Unsupported negotiation mechanism 'NTLM'.
          at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:122)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:616)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
          at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
          at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:399)
          at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
          at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:383)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
          at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:436)
          at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:384)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)
          at java.lang.Thread.run(Thread.java:636)
      2012-07-12 08:39:42,067 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (ajp-0.0.0.0-8409-3) Login failure
      javax.security.auth.login.LoginException: Unsupported negotiation mechanism 'NTLM'.
          at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:122)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
          at java.lang.reflect.Method.invoke(Method.java:616)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
          at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
          at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:399)
          at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
          at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:383)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
          at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:436)
          at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:384)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)
          at java.lang.Thread.run(Thread.java:636)
      2012-07-12 08:39:42,072 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (ajp-0.0.0.0-8409-3) End isValid, false
      2012-07-12 08:39:42,072 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (ajp-0.0.0.0-8409-3) End isValid, false
      2012-07-12 08:39:42,072 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (ajp-0.0.0.0-8409-3) clear 1211161939
      2012-07-12 08:39:42,072 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (ajp-0.0.0.0-8409-3) clear 1211161939
      2012-07-12 08:39:42,072 TRACE [org.jboss.security.SecurityAssociation] (ajp-0.0.0.0-8409-3) clear, server=true
      2012-07-12 08:39:42,072 TRACE [org.jboss.security.SecurityAssociation] (ajp-0.0.0.0-8409-3) clear, server=true
      2012-07-12 08:39:42,075 TRACE [org.jboss.security.SecurityRolesAssociation] (ajp-0.0.0.0-8409-3) Setting threadlocal:null
      2012-07-12 08:39:42,075 TRACE [org.jboss.security.SecurityRolesAssociation] (ajp-0.0.0.0-8409-3) Setting threadlocal:null
      2012-07-12 08:39:42,075 TRACE [org.jboss.security.SecurityRolesAssociation] (ajp-0.0.0.0-8409-3) Setting threadlocal:null
      2012-07-12 08:39:42,075 TRACE [org.jboss.security.SecurityRolesAssociation] (ajp-0.0.0.0-8409-3) Setting threadlocal:null