0 Replies Latest reply on Apr 19, 2018 8:56 AM by Ayan Sen

    Jboss EAP 6.4.18 (AS 7.5.10) - SPNEGO Kerberos integration gives Unsupported negotiation mechanism NTLM

    Ayan Sen Newbie

      Hello all,

      I am facing the following error when I try to integrate SPNEGO with my web application. I have followed all the steps in the JBoss documentation: 12.8. Configure Kerberos or Microsoft Active Directory Desktop SSO for Web Applications - Red Hat Customer Portal

      Any help/debugging steps would be appreciated.

       

      14:32:32,507 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000201: End isValid, result = false

      14:32:32,507 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-0.0.0.0:8443-4) clear 73310951

      14:32:32,507 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) SPNEGO based authentication failed...initiating negotiation

      14:32:32,507 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000354: Setting security roles ThreadLocal: null

      14:34:22,238 TRACE [org.jboss.security] (http-0.0.0.0:8080-5) PBOX000354: Setting security roles ThreadLocal: null

      14:34:22,367 TRACE [org.jboss.security] (http-0.0.0.0:8080-6) PBOX000354: Setting security roles ThreadLocal: null

      14:34:22,417 TRACE [org.jboss.security] (http-0.0.0.0:8080-5) PBOX000354: Setting security roles ThreadLocal: null

      14:35:32,667 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) Authenticating user

      14:35:32,667 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) Header - null

      14:35:32,667 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) No Authorization Header, initiating negotiation

      14:35:32,667 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000354: Setting security roles ThreadLocal: null

      14:35:32,677 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) Authenticating user

      14:35:32,677 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) Header - Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==

      14:35:32,677 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] (http-0.0.0.0:8443-4) TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==

      14:35:32,677 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] (http-0.0.0.0:8443-4)  0x4e 0x54 0x4c 0x4d 0x53 0x53 0x50 0x00 0x01 0x00 0x00 0x00 0x97 0x82 0x08 0xe2 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x06 0x01 0xb1 0x1d 0x00 0x00 0x00 0x0f

      14:35:32,681 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) Creating new NegotiationContext

      14:35:32,681 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-0.0.0.0:8443-4) associate 89245676

      14:35:32,681 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000200: Begin isValid, principal: 9W4v5JlDAibv0JWnvAnODIe5_1524119732681, cache entry: null

      14:35:32,681 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000209: defaultLogin, principal: 9W4v5JlDAibv0JWnvAnODIe5_1524119732681

      14:35:32,681 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000221: Begin getAppConfigurationEntry(SPNEGO), size: 5

      14:35:32,682 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000224: End getAppConfigurationEntry(SPNEGO), AuthInfo: AppConfigurationEntry[]:

      [0]

      LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule

      ControlFlag: LoginModuleControlFlag: requisite

      Options:

      name=removeRealmFromPrincipal, value=true

      name=password-stacking, value=useFirstPass

      name=serverSecurityDomain, value=host

      [1]

      LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule

      ControlFlag: LoginModuleControlFlag: required

      Options:

      name=defaultRolesProperties, value=file:////usr/share/jbossas/standalone/configuration/roles.properties

      name=password-stacking, value=useFirstPass

      name=rolesProperties, value=file:////usr/share/jbossas/standalone/configuration/roles.properties

      name=usersProperties, value=file:////usr/share/jbossas/standalone/configuration/users.properties

      name=defaultUsersProperties, value=file:////usr/share/jbossas/standalone/configuration/users.properties

       

       

      14:35:32,686 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000236: Begin initialize method

      14:35:32,686 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-0.0.0.0:8443-4) removeRealmFromPrincipal=true

      14:35:32,686 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-0.0.0.0:8443-4) serverSecurityDomain=host

      14:35:32,686 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-0.0.0.0:8443-4) usernamePasswordDomain=null

      14:35:32,686 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000240: Begin login method

      14:35:32,686 WARN  [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-0.0.0.0:8443-4) Unsupported negotiation mechanism 'NTLM'.

      14:35:32,686 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000244: Begin abort method

      14:35:32,687 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000236: Begin initialize method

      14:35:32,687 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000288: Properties file file:////usr/share/jbossas/standalone/configuration/users.properties loaded, users: [TESTUSER]

      14:35:32,687 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000288: Properties file file:////usr/share/jbossas/standalone/configuration/users.properties loaded, users: [TESTUSER]

      14:35:32,687 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000288: Properties file file:////usr/share/jbossas/standalone/configuration/roles.properties loaded, users: [TESTUSER]

      14:35:32,687 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000288: Properties file file:////usr/share/jbossas/standalone/configuration/roles.properties loaded, users: [TESTUSER]

      14:35:32,687 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000244: Begin abort method

      14:35:32,687 DEBUG [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000206: Login failure: javax.security.auth.login.LoginException: Unsupported negotiation mechanism 'NTLM'.

      at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.spnegoLogin(SPNEGOLoginModule.java:264) [jboss-negotiation-spnego.jar:2.3.13.Final-redhat-1]

      at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.innerLogin(SPNEGOLoginModule.java:213) [jboss-negotiation-spnego.jar:2.3.13.Final-redhat-1]

      at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:148) [jboss-negotiation-spnego.jar:2.3.13.Final-redhat-1]

      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_65]

      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_65]

      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_65]

      at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_65]

      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) [rt.jar:1.8.0_65]

      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) [rt.jar:1.8.0_65]

      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) [rt.jar:1.8.0_65]

      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) [rt.jar:1.8.0_65]

      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_65]

      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.8.0_65]

      at javax.security.auth.login.LoginContext.login(LoginContext.java:587) [rt.jar:1.8.0_65]

      at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:400) [picketbox-infinispan.jar:4.1.6.Final-redhat-1]

      at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:339) [picketbox-infinispan.jar:4.1.6.Final-redhat-1]

      at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:317) [picketbox-infinispan.jar:4.1.6.Final-redhat-1]

      at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:143) [picketbox-infinispan.jar:4.1.6.Final-redhat-1]

      at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:217) [jboss-as-web.jar:7.5.18.Final-redhat-1]

      at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:276) [jboss-negotiation-common.jar:2.3.13.Final-redhat-1]

      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [jbossweb.jar:7.5.26.Final-redhat-1]

      at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web.jar:7.5.18.Final-redhat-1]

      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151) [jbossweb.jar:7.5.26.Final-redhat-1]

      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb.jar:7.5.26.Final-redhat-1]

      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:559) [jbossweb.jar:7.5.26.Final-redhat-1]

      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb.jar:7.5.26.Final-redhat-1]

      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [jbossweb.jar:7.5.26.Final-redhat-1]

      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb.jar:7.5.26.Final-redhat-1]

      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:656) [jbossweb.jar:7.5.26.Final-redhat-1]

      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb.jar:7.5.26.Final-redhat-1]

      at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_65]
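
A triage helper for the trace above, added here as an example (it is not part of the original post or of the JBoss Negotiation code): it pulls the token out of a `Header - Negotiate` log line and reports which mechanism the client actually sent, based on the NTLMSSP signature or the GSS-API mechanism OID. The function names are assumptions made for this example; the sample log line is the one from the post.

```python
import base64
import re
import struct

# Log line copied from the post above (NegotiationAuthenticator at DEBUG level).
LOG_LINE = ("14:35:32,677 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] "
            "(http-0.0.0.0:8443-4) Header - Negotiate "
            "TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==")

NTLM_SIGNATURE = b"NTLMSSP\x00"
SPNEGO_OID = bytes.fromhex("06062b0601050502")      # DER OID 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # DER OID 1.2.840.113554.1.2.2
NTLM_NEGOTIATE_VERSION = 0x02000000                 # MS-NLMP: Version field is present


def extract_token(log_line):
    """Return the base64 token from a 'Header - Negotiate <token>' line, or None."""
    match = re.search(r"Header - Negotiate\s+([A-Za-z0-9+/=]+)", log_line)
    return match.group(1) if match else None


def classify_token(b64_token):
    """Identify the mechanism a Negotiate token carries from its leading bytes."""
    raw = base64.b64decode(b64_token, validate=True)
    if raw.startswith(NTLM_SIGNATURE):
        info = {"mechanism": "NTLM"}
        if len(raw) >= 16:
            info["message_type"], info["flags"] = struct.unpack_from("<II", raw, 8)
        # A type 1 (NEGOTIATE) message carries the client OS version at offset 32.
        if (info.get("message_type") == 1 and len(raw) >= 40
                and info["flags"] & NTLM_NEGOTIATE_VERSION):
            info["client_os"] = "%d.%d.%d" % struct.unpack_from("<BBH", raw, 32)
        return info
    if raw[:1] == b"\x60" and len(raw) > 2:
        # GSS-API initial token: 0x60, DER length, then the mechanism OID.
        offset = 2 if raw[1] < 0x80 else 2 + (raw[1] & 0x7F)
        if raw.startswith(SPNEGO_OID, offset):
            return {"mechanism": "SPNEGO"}
        if raw.startswith(KRB5_OID, offset):
            return {"mechanism": "Kerberos"}
        return {"mechanism": "unknown GSS-API"}
    if raw[:1] == b"\xa1":
        return {"mechanism": "SPNEGO"}  # NegTokenResp from a later round trip
    return {"mechanism": "unknown"}


if __name__ == "__main__":
    print(classify_token(extract_token(LOG_LINE)))
```

For the token in this trace the result is an NTLM type 1 message, so the client's Negotiate package chose NTLM before the request reached `SPNEGOLoginModule`, typically because it could not obtain a Kerberos service ticket for the requested host name.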