JBoss EAP 6.4.18 (AS 7.5.10) - SPNEGO Kerberos integration gives Unsupported negotiation mechanism NTLM
ayansen Apr 19, 2018 8:56 AM
Hello all,
I am facing the following error when I try to integrate SPNEGO with my web application. I have followed all the steps as per the JBoss link: 12.8. Configure Kerberos or Microsoft Active Directory Desktop SSO for Web Applications - Red Hat Customer Portal
Any help/debugging steps would be appreciated.
14:32:32,507 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000201: End isValid, result = false
14:32:32,507 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-0.0.0.0:8443-4) clear 73310951
14:32:32,507 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) SPNEGO based authentication failed...initiating negotiation
14:32:32,507 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000354: Setting security roles ThreadLocal: null
14:34:22,238 TRACE [org.jboss.security] (http-0.0.0.0:8080-5) PBOX000354: Setting security roles ThreadLocal: null
14:34:22,367 TRACE [org.jboss.security] (http-0.0.0.0:8080-6) PBOX000354: Setting security roles ThreadLocal: null
14:34:22,417 TRACE [org.jboss.security] (http-0.0.0.0:8080-5) PBOX000354: Setting security roles ThreadLocal: null
14:35:32,667 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) Authenticating user
14:35:32,667 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) Header - null
14:35:32,667 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) No Authorization Header, initiating negotiation
14:35:32,667 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000354: Setting security roles ThreadLocal: null
14:35:32,677 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) Authenticating user
14:35:32,677 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) Header - Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
14:35:32,677 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] (http-0.0.0.0:8443-4) TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
14:35:32,677 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] (http-0.0.0.0:8443-4) 0x4e 0x54 0x4c 0x4d 0x53 0x53 0x50 0x00 0x01 0x00 0x00 0x00 0x97 0x82 0x08 0xe2 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x06 0x01 0xb1 0x1d 0x00 0x00 0x00 0x0f
14:35:32,681 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0:8443-4) Creating new NegotiationContext
14:35:32,681 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-0.0.0.0:8443-4) associate 89245676
14:35:32,681 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000200: Begin isValid, principal: 9W4v5JlDAibv0JWnvAnODIe5_1524119732681, cache entry: null
14:35:32,681 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000209: defaultLogin, principal: 9W4v5JlDAibv0JWnvAnODIe5_1524119732681
14:35:32,681 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000221: Begin getAppConfigurationEntry(SPNEGO), size: 5
14:35:32,682 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000224: End getAppConfigurationEntry(SPNEGO), AuthInfo: AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
ControlFlag: LoginModuleControlFlag: requisite
Options:
name=removeRealmFromPrincipal, value=true
name=password-stacking, value=useFirstPass
name=serverSecurityDomain, value=host
[1]
LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=defaultRolesProperties, value=file:////usr/share/jbossas/standalone/configuration/roles.properties
name=password-stacking, value=useFirstPass
name=rolesProperties, value=file:////usr/share/jbossas/standalone/configuration/roles.properties
name=usersProperties, value=file:////usr/share/jbossas/standalone/configuration/users.properties
name=defaultUsersProperties, value=file:////usr/share/jbossas/standalone/configuration/users.properties
14:35:32,686 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000236: Begin initialize method
14:35:32,686 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-0.0.0.0:8443-4) removeRealmFromPrincipal=true
14:35:32,686 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-0.0.0.0:8443-4) serverSecurityDomain=host
14:35:32,686 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-0.0.0.0:8443-4) usernamePasswordDomain=null
14:35:32,686 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000240: Begin login method
14:35:32,686 WARN [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-0.0.0.0:8443-4) Unsupported negotiation mechanism 'NTLM'.
14:35:32,686 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000244: Begin abort method
14:35:32,687 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000236: Begin initialize method
14:35:32,687 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000288: Properties file file:////usr/share/jbossas/standalone/configuration/users.properties loaded, users: [TESTUSER]
14:35:32,687 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000288: Properties file file:////usr/share/jbossas/standalone/configuration/users.properties loaded, users: [TESTUSER]
14:35:32,687 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000288: Properties file file:////usr/share/jbossas/standalone/configuration/roles.properties loaded, users: [TESTUSER]
14:35:32,687 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000288: Properties file file:////usr/share/jbossas/standalone/configuration/roles.properties loaded, users: [TESTUSER]
14:35:32,687 TRACE [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000244: Begin abort method
14:35:32,687 DEBUG [org.jboss.security] (http-0.0.0.0:8443-4) PBOX000206: Login failure: javax.security.auth.login.LoginException: Unsupported negotiation mechanism 'NTLM'.
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.spnegoLogin(SPNEGOLoginModule.java:264) [jboss-negotiation-spnego.jar:2.3.13.Final-redhat-1]
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.innerLogin(SPNEGOLoginModule.java:213) [jboss-negotiation-spnego.jar:2.3.13.Final-redhat-1]
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:148) [jboss-negotiation-spnego.jar:2.3.13.Final-redhat-1]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_65]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_65]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_65]
at java.lang.reflect.Method.invoke(Method.java:497) [rt.jar:1.8.0_65]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) [rt.jar:1.8.0_65]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) [rt.jar:1.8.0_65]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) [rt.jar:1.8.0_65]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) [rt.jar:1.8.0_65]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_65]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.8.0_65]
at javax.security.auth.login.LoginContext.login(LoginContext.java:587) [rt.jar:1.8.0_65]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:400) [picketbox-infinispan.jar:4.1.6.Final-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:339) [picketbox-infinispan.jar:4.1.6.Final-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:317) [picketbox-infinispan.jar:4.1.6.Final-redhat-1]
at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:143) [picketbox-infinispan.jar:4.1.6.Final-redhat-1]
at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:217) [jboss-as-web.jar:7.5.18.Final-redhat-1]
at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:276) [jboss-negotiation-common.jar:2.3.13.Final-redhat-1]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) [jbossweb.jar:7.5.26.Final-redhat-1]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web.jar:7.5.18.Final-redhat-1]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:151) [jbossweb.jar:7.5.26.Final-redhat-1]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb.jar:7.5.26.Final-redhat-1]
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:559) [jbossweb.jar:7.5.26.Final-redhat-1]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb.jar:7.5.26.Final-redhat-1]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [jbossweb.jar:7.5.26.Final-redhat-1]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) [jbossweb.jar:7.5.26.Final-redhat-1]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:656) [jbossweb.jar:7.5.26.Final-redhat-1]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb.jar:7.5.26.Final-redhat-1]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_65]
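
Added example, not part of the original post or of JBoss Negotiation: a small Python triage script that reads `NegotiationAuthenticator` "Header - Negotiate" log lines and reports which mechanism the client actually sent. The token logged above starts with the bytes `NTLMSSP\0` (visible in the hex trace), so it is classified as an NTLM NEGOTIATE message; the second sample line and the names `classify_token`, `scan_log` and `SPNEGO_STUB` are constructed for illustration.

```python
import base64
import binascii
import re
import struct

# DER content bytes of the mechanism OIDs a Negotiate token can lead with.
MECH_OIDS = {
    bytes.fromhex("2b0601050502"): "SPNEGO",          # 1.3.6.1.5.5.2
    bytes.fromhex("2a864886f712010202"): "Kerberos",  # 1.2.840.113554.1.2.2
}
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
HEADER_RE = re.compile(r"^(\S+) .*Header - Negotiate (\S+)")


def classify_token(b64_token):
    """Return (mechanism, detail) for the base64 blob of a Negotiate header."""
    try:
        raw = base64.b64decode(b64_token, validate=True)
    except binascii.Error:
        return ("unknown", "not valid base64")
    if raw.startswith(b"NTLMSSP\x00") and len(raw) >= 12:
        (msg_type,) = struct.unpack_from("<I", raw, 8)  # little-endian type
        return ("NTLM", NTLM_TYPES.get(msg_type, "type %d" % msg_type))
    if raw[:1] == b"\x60" and len(raw) >= 2:
        # GSS-API InitialContextToken: 0x60, DER length, then the mech OID.
        pos = 2 if raw[1] < 0x80 else 2 + (raw[1] & 0x7F)
        if raw[pos:pos + 1] == b"\x06" and len(raw) >= pos + 2:
            oid = raw[pos + 2:pos + 2 + raw[pos + 1]]
            return (MECH_OIDS.get(oid, "unknown GSS mechanism"), oid.hex())
    return ("unknown", raw[:8].hex())


def scan_log(lines):
    """Return a list of (timestamp, mechanism, detail), one per logged header."""
    results = []
    for line in lines:
        match = HEADER_RE.search(line)
        if match:
            results.append((match.group(1),) + classify_token(match.group(2)))
    return results


# First line is the header from the log above; the second is constructed
# (a bare GSS-API wrapper carrying only the SPNEGO OID, no NegTokenInit).
SPNEGO_STUB = base64.b64encode(bytes.fromhex("600806062b0601050502")).decode()
SAMPLE = [
    "14:35:32,677 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] "
    "(http-0.0.0.0:8443-4) Header - Negotiate "
    "TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==",
    "14:40:00,000 DEBUG [constructed] (t) Header - Negotiate " + SPNEGO_STUB,
]

if __name__ == "__main__":
    for row in scan_log(SAMPLE):
        print(row)
```

An `NTLM` result for a `Negotiate` header means the client did not offer a Kerberos or SPNEGO token in that request, which is the condition `SPNEGOLoginModule` rejects in the trace above.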