1 Reply Latest reply on Sep 18, 2008 9:34 AM by Alexander Hartner

    Kerberos / JBoss Negotiate issues and questions

    Alexander Hartner Expert

      I have deployed JBoss Negotiate onto JBoss 4.2.3. Initially I tried to create the server users account using a generic name such as JBoss instead of the hostname of the machine. I couldn't get this working. After creating a username whose name matched the hostname of the JBoss server I was able to complete the Basic Negotiation and the Security Domain Test from another client. I am still not able to perform those from the server itself. IE works from the other clients, but neither IE, nor Firefox work on my client.

      I read some suggestions to clear the cache, but I haven't found instructions on doing this.

      When I try the Secured test I get the exception below. I wonder if there is a problem on my system which also runs the JBoss server which could be causing this ?

      09:54:39,905 TRACE [UsersRolesLoginModule] Properties file=file:/C:/jboss-4.2.3.GA/server/default/conf/props/spnego-roles.properties, defaults=null
      09:54:39,905 DEBUG [UsersRolesLoginModule] Loaded properties, users=[operator, ahartner@TH.local, vreddy@TH, user, ahartner@TH, jamesm@TH, other, vreddy@TH.local, jamesm@TH.local, sysop]
      09:54:39,905 TRACE [UsersRolesLoginModule] abort
      09:54:39,920 TRACE [SPNEGO] Login failure
      javax.security.auth.login.LoginException: Continuation Required.
       at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:156)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
       at org.jboss.security.negotiation.spnego.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:103)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
       at java.lang.Thread.run(Thread.java:619)
      09:54:40,030 TRACE [SPNEGO] End isValid, false
      09:54:40,030 DEBUG [SPNEGOAuthenticator] authenticated principal = null
      09:54:40,030 TRACE [SPNEGOContext] clear 31752641
      09:54:40,030 TRACE [SecurityAssociation] clear, server=true
      09:54:40,045 TRACE [SPNEGOAuthenticator] Authenticating user
      09:54:40,045 INFO [SPNEGOAuthenticator] Header - Negotiate oYIF2zCCBdeiggXTBIIFz2CCBcsGCSqGSIb3EgECAgEAboIFujCCBbagAwIBBaEDAgEOogcDBQAgAAAAo4IE5WGCBOEwggTdoAMCAQWhChsIVEguTE9DQUyiITAfoAMCAQKhGDAWGwRI
      

      ...
       0xcf 0x0e 0x1a 0x1b 0xbd 0xaa 0xa1 0x63
      09:54:40,546 DEBUG [SPNEGOLoginModule] Creating new GSSContext.
      09:54:40,686 TRACE [SPNEGOLoginModule] Result - GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)
      09:54:40,686 ERROR [SPNEGOLoginModule] Unable to authenticate
      GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)
       at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
       at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
       at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
       at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:295)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.Subject.doAs(Subject.java:337)
       at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:113)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
       at org.jboss.security.negotiation.spnego.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:103)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
       at java.lang.Thread.run(Thread.java:619)
      Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC
       at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:262)
       at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
       at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
       at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
       ... 32 more
      09:54:40,827 INFO [STDOUT] [Krb5LoginModule]: Entering logout
      09:54:40,843 INFO [STDOUT] [Krb5LoginModule]: logged out Subject
      09:54:40,843 TRACE [SPNEGOLoginModule] abort
      09:54:40,843 TRACE [UsersRolesLoginModule] initialize, instance=@12914915
      09:54:40,843 TRACE [UsersRolesLoginModule] Security domain: SPNEGO
      09:54:40,858 TRACE [UsersRolesLoginModule] findResource: null
      09:54:40,858 TRACE [UsersRolesLoginModule] Properties file=file:/C:/jboss-4.2.3.GA/server/default/conf/props/spnego-users.properties, defaults=null
      09:54:40,858 DEBUG [UsersRolesLoginModule] Loaded properties, users=[]
      09:54:40,858 TRACE [UsersRolesLoginModule] findResource: null
      09:54:40,858 TRACE [UsersRolesLoginModule] Properties file=file:/C:/jboss-4.2.3.GA/server/default/conf/props/spnego-roles.properties, defaults=null
      09:54:40,874 DEBUG [UsersRolesLoginModule] Loaded properties, users=[operator, ahartner@TH.local, vreddy@TH, user, ahartner@TH, jamesm@TH, other, vreddy@TH.local, jamesm@TH.local, sysop]
      09:54:40,874 TRACE [UsersRolesLoginModule] abort
      09:54:40,874 TRACE [SPNEGO] Login failure
      javax.security.auth.login.LoginException: Unable to authenticate - Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)
       at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:136)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
       at org.jboss.security.negotiation.spnego.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:103)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
       at java.lang.Thread.run(Thread.java:619)
      09:54:40,999 TRACE [SPNEGO] End isValid, false
      09:54:40,999 DEBUG [SPNEGOAuthenticator] authenticated principal = null
      


        • 1. Re: Kerberos / JBoss Negotiate issues and questions
          Alexander Hartner Expert

          One of the problems was that I did not install the latest tools from http://go.microsoft.com/fwlink/?LinkId=100114

          The default tools used DES-CBC-MD5 and also set DES-only encryption on the account. After installing the updated tools the ktpass command completed as shown in the user guide.

          I disable DES on the user account and re-ran the ktpass and ktab command. After restarting JBoss I am still not able to complete the secure test.

          The following exception is raised.


          14:24:20,835 TRACE [UsersRolesLoginModule] abort
          14:24:20,835 TRACE [SPNEGO] Login failure
          javax.security.auth.login.LoginException: Continuation Required.
          at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:156)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
          at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
          at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
          at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
          at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
          at org.jboss.security.negotiation.spnego.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:103)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
          at java.lang.Thread.run(Thread.java:619)
          14:24:20,944 TRACE [SPNEGO] End isValid, false
          14:24:20,960 DEBUG [SPNEGOAuthenticator] authenticated principal = null
          14:24:20,960 TRACE [SPNEGOContext] clear 20096223
          14:24:20,960 TRACE [SecurityAssociation] clear, server=true
          14:24:20,975 TRACE [SPNEGOAuthenticator] Authenticating user
          ...
          14:24:21,507 TRACE [SPNEGOLoginModule] Result - java.io.IOException: Unexpected message type
          14:24:21,507 ERROR [SPNEGOLoginModule] Unable to authenticate
          java.io.IOException: Unexpected message type
          at org.jboss.security.negotiation.spnego.encoding.NegTokenTargDecoder.decodeNegTokenTargSequence(NegTokenTargDecoder.java:121)
          at org.jboss.security.negotiation.spnego.encoding.NegTokenTargDecoder.decode(NegTokenTargDecoder.java:137)
          at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:261)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.Subject.doAs(Subject.java:337)
          at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:113)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
          at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
          at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
          at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
          at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
          at org.jboss.security.negotiation.spnego.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:103)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
          at java.lang.Thread.run(Thread.java:619)
          14:24:21,663 INFO [STDOUT] [Krb5LoginModule]: Entering logout
          14:24:21,663 INFO [STDOUT] [Krb5LoginModule]: logged out Subject
          14:24:21,663 TRACE [SPNEGOLoginModule] abort
          14:24:21,663 TRACE [UsersRolesLoginModule] initialize, instance=@15179443
          14:24:21,663 TRACE [UsersRolesLoginModule] Security domain: SPNEGO
          14:24:21,663 TRACE [UsersRolesLoginModule] findResource: null
          14:24:21,663 TRACE [UsersRolesLoginModule] Properties file=file:/C:/jboss-4.2.3.GA/server/default/conf/props/spnego-users.properties, defaults=null
          14:24:21,663 DEBUG [UsersRolesLoginModule] Loaded properties, users=[]
          14:24:21,695 TRACE [UsersRolesLoginModule] findResource: null
          14:24:21,695 TRACE [UsersRolesLoginModule] Properties file=file:/C:/jboss-4.2.3.GA/server/default/conf/props/spnego-roles.properties, defaults=null
          14:24:21,695 DEBUG [UsersRolesLoginModule] Loaded properties, users=[operator, ahartner@TH.local, vreddy@TH, user, ahartner@TH, jamesm@TH, other, vreddy@TH.local, jamesm@TH.local, sysop]
          14:24:21,695 TRACE [UsersRolesLoginModule] abort
          14:24:21,695 TRACE [SPNEGO] Login failure
          javax.security.auth.login.LoginException: Unable to authenticate - Unexpected message type
          at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:136)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
          at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
          at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
          at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
          at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
          at org.jboss.security.negotiation.spnego.SPNEGOAuthenticator.authenticate(SPNEGOAuthenticator.java:103)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
          at java.lang.Thread.run(Thread.java:619)
          14:24:21,804 TRACE [SPNEGO] End isValid, false
          14:24:21,820 DEBUG [SPNEGOAuthenticator] authenticated principal = null
          14:24:21,820 TRACE [SPNEGOContext] clear 20096223
          14:24:21,820 TRACE [SecurityAssociation] clear, server=true


          I think I am very close to get this working, just missing one or two minor things. If you have any suggestion on what I could try to get this working please let me know.

          Thanks in advance.
          Alex