0 Replies Latest reply on Jan 21, 2014 3:45 AM by ramakanta sahoo

    Jboss negotiation tool kit for AD kerbero not working

    ramakanta sahoo Newbie

      While trying to test the security domain using the Jboss negotiation toolkit I am facing below error when ever I try to authenticate host. can some one please tell what could be the issue

      Here I am using IIS7.5, Microsoft AD and SPNEGO, though basic authentication works, security domain test fails...

       

         Negotiation Toolkit

      Security Domain Test

      Testing security-domain 'host'

       

       

      Failed!

      javax.security.auth.login.LoginException - Unable to obtain password from user

       

       

       

       

      In logs:

       

       

      2014-01-20 01:20:27,364 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8080-1) Setting threadlocal:null

      2014-01-20 01:20:31,786 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8080-1) Setting threadlocal:{}

      2014-01-20 01:20:31,786 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8080-1) Begin getAppConfigurationEntry(host), size=15

      2014-01-20 01:20:31,786 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8080-1) End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:

      [0]

      LoginModule Class: com.sun.security.auth.module.Krb5LoginModule

      ControlFlag: LoginModuleControlFlag: required

      Options:

      name=principal, value=HTTP/testserver1@MYKERBERODOMAIN.COM

      name=useKeyTab, value=true

      name=storeKey, value=true

      name=keyTab, value=C:\testserver.keytab

      name=debug, value=true

      name=doNotPrompt, value=true

       

       

      2014-01-20 01:20:31,786 DEBUG [org.jboss.security.negotiation.toolkit.SecurityDomainTestServlet] (http-0.0.0.0-8080-1) Obtained LoginContext for 'host' security-domain.

      2014-01-20 01:20:31,786 INFO  [STDOUT] (http-0.0.0.0-8080-1) Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is C:\testserver.keytab refreshKrb5Config is false principal is HTTP/testserver1@MYKERBERODOMAIN.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false

      2014-01-20 01:20:31,786 INFO  [STDOUT] (http-0.0.0.0-8080-1) Key for the principal HTTP/testserver1@MYKERBERODOMAIN.COM not available in C:\testserver.keytab

      2014-01-20 01:20:31,801 INFO  [STDOUT] (http-0.0.0.0-8080-1)        [Krb5LoginModule] authentication failed

      Unable to obtain password from user

      2014-01-20 01:20:31,801 ERROR [org.jboss.security.negotiation.toolkit.SecurityDomainTestServlet] (http-0.0.0.0-8080-1) testDomain Failed

      javax.security.auth.login.LoginException: Unable to obtain password from user

       

       

          at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:789)

          at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:654)

          at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

          at java.lang.reflect.Method.invoke(Method.java:597)

          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)

          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)

          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)

          at java.security.AccessController.doPrivileged(Native Method)

          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

          at javax.security.auth.login.LoginContext.login(LoginContext.java:579)

          at org.jboss.security.negotiation.toolkit.SecurityDomainTestServlet.testDomain(SecurityDomainTestServlet.java:108)

          at org.jboss.security.negotiation.toolkit.SecurityDomainTestServlet.doGet(SecurityDomainTestServlet.java:77)

          at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)

          at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)

          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)

          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)

          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

          at org.jboss.security.negotiation.NegotiationAuthenticator$1.invoke(NegotiationAuthenticator.java:326)

          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:442)

          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95)

          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)

          at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)

          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)

          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

          at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.internalProcess(ActiveRequestResponseCacheValve.java:74)

          at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:47)

          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)

          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)

          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:599)

          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:451)

          at java.lang.Thread.run(Thread.java:662)

      2014-01-20 01:20:31,801 TRACE [org.jboss.security.SecurityAssociation] (http-0.0.0.0-8080-1) clear, server=true

      2014-01-20 01:20:31,801 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8080-1) Setting threadlocal:null

      2014-01-20 01:20:31,801 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8080-1) Setting threadlocal:null