0 Replies Latest reply on May 12, 2009 3:59 PM by na na

    JBoss Negotiate - Error When Obtaining Ldap Context

    na na Newbie

      Hi jboss developers,

      I am using Jboss Negotiation 4.0.3GA and for some reason I am getting an exception when the code tries to obtain a ldap connection.

      Below is the stack trace.

      2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Logged in 'host' LoginContext
      2009-05-12 14:15:25,593 WARN [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Authentication was performed despite already being authenticated!
      2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getCredDelegState() = false
      2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getMutualAuthState() = true
      2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getSrcName() = xamyuser@MYDOMAIN.COM
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Result - true
      2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Storing username 'xamyuser@MYDOMAIN.COM' and empty password
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] super.loginOk true
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] initialize, instance=@6455597
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Security domain: SPNEGO
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Using GSSAPI to connect to LDAP
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(host), size=10
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: com.sun.security.auth.module.Krb5LoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:name=principal, value=xsqajboss@MYDOMAIN.COM
      name=useKeyTab, value=true
      name=storeKey, value=true
      name=keyTab, value=E:\\jboss-4.2.3.GA\\server\\default\\conf\\xsqajboss.keytab
      name=debug, value=true
      name=doNotPrompt, value=true
      
      2009-05-12 14:15:25,608 DEBUG [org.jboss.security.negotiation.AdvancedLdapLoginModule] Subject = Subject:
       Principal: xsqajboss@MYDOMAIN.COM
       Private Credential: Ticket (hex) =
      0000: 61 82 03 D5 30 82 03 D1 A0 03 02 01 05 A1 0A 1B a...0...........
      0010: 08 4E 45 58 55 53 2E 44 53 A2 1D 30 1B A0 03 02 .MYDOMAIN.COM..0....
      0020: 01 02 A1 14 30 12 1B 06 6B 72 62 74 67 74 1B 08 ....0...krbtgt..
      0030: 4E 45 58 55 53 2E 44 53 A3 82 03 9D 30 82 03 99 MYDOMAIN.COM....0...
      0040: A0 03 02 01 17 A1 03 02 01 02 A2 82 03 8B 04 82 ................
      0050: 03 87 3E 48 A0 02 A8 70 0E 82 D6 E1 E6 04 BD 11 ..>H...p........
      0060: C8 78 C2 DC 7F 8D 27 53 B9 CA 0B FF 52 24 46 81 .x....'S....R$F.
      0070: 6C 10 F5 EB 11 48 F6 72 A8 E2 98 DF DE 95 07 62 l....H.r.......b
      0080: B7 E1 A1 4E 40 FA 0E 56 DB CE CA BD 71 8D 85 27 ...N@..V....q..'
      0090: D3 D6 A1 10 DB 7A E8 DE A0 1C ED BD 99 29 0C ED .....z.......)..
      00A0: EE 8B 37 83 5C 5A 27 73 93 4F 3E 5B 4B 40 5B 38 ..7.\Z's.O>[K@[8
      00B0: E0 19 EA 7E 96 D4 B5 1B 5B BC 32 1A 3F 77 E8 9B ........[.2.?w..
      00C0: 80 BC CB 51 A1 94 D0 06 C5 95 ED EE 51 9B 04 10 ...Q........Q...
      00D0: 54 33 B8 83 4F F3 62 2B B2 EC 47 27 AF B9 13 6D T3..O.b+..G'...m
      00E0: B5 A0 B4 06 C0 88 01 64 5F EA 54 2F 96 B0 92 61 .......d_.T/...a
      00F0: CE 7E 30 C2 0F 8A D5 D3 70 21 59 7E AE 65 C0 AA ..0.....p!Y..e..
      0100: F1 34 88 73 54 C1 3B 88 23 D4 9D AC 53 1A 5B 73 .4.sT.;.#...S.[s
      0110: EA A8 D1 61 E0 E5 56 13 8E B4 86 FB 4D 48 9D B2 ...a..V.....MH..
      0120: 24 D1 24 65 EB 6A D4 33 74 DF 96 51 A2 B9 51 79 $.$e.j.3t..Q..Qy
      0130: 9E 22 A1 FA 6C 4C EE 8F 3D 38 28 34 74 4A 33 C2 ."..lL..=8(4tJ3.
      0140: 03 94 89 65 0D 82 32 A5 4B 6B F9 9F AE 1F 45 A2 ...e..2.Kk....E.
      0150: 6F 2D C5 34 B9 C7 80 16 DB 8B 7A A1 A7 74 83 4B o-.4......z..t.K
      0160: 58 47 A2 C8 A7 6E EC BC 7A 45 E2 A5 F2 FA 8B 7F XG...n..zE......
      0170: CE 36 3B 83 73 C7 70 81 0A 1E AC 8A 91 C3 C6 09 .6;.s.p.........
      0180: 2E 01 6A 31 3A C9 CC 7E 0C 8B 07 D6 22 29 5F AF ..j1:.......")_.
      0190: 22 95 D8 CE 0D F2 C5 E8 8E 65 18 7A 21 E9 4A 04 "........e.z!.J.
      01A0: B0 2A E8 42 74 B7 75 1A F1 19 B2 75 70 E2 8A FA .*.Bt.u....up...
      01B0: B7 60 46 C7 64 A7 C0 D0 78 F8 BB 2F 9A E0 C7 EA .`F.d...x../....
      01C0: A6 86 B7 FF E6 D9 B2 AF 70 F3 8C F2 56 C8 84 4E ........p...V..N
      01D0: BB 00 44 39 75 6D 27 0A 5E A9 E3 63 F9 9D B4 18 ..D9um'.^..c....
      01E0: 5E C7 B1 69 31 90 89 23 2A 4E 34 5C FF B7 38 C2 ^..i1..#*N4\..8.
      01F0: 93 90 A8 09 F3 14 63 D0 F0 DD 49 C7 D7 78 B3 8B ......c...I..x..
      0200: 35 95 73 3A 3E 70 19 2A 55 09 72 7A 79 FC 13 25 5.s:>p.*U.rzy..%
      0210: DC 88 D9 ED 54 6D E3 49 3D CE 35 6F BF 93 CB A5 ....Tm.I=.5o....
      0220: 7D E0 D3 6B A6 EC 61 50 10 C8 C3 0C 6B A2 8B DC ...k..aP....k...
      0230: 80 82 AB 7F 71 58 78 4C 81 DC 6C 2F CE 19 B6 3E ....qXxL..l/...>
      0240: DB 83 47 54 B9 80 34 5C 33 40 14 5B 9F 77 2D 86 ..GT..4\3@.[.w-.
      0250: D7 80 7C BD F7 A8 69 B4 C8 78 DF 30 11 39 0F B2 ......i..x.0.9..
      0260: 92 8E E6 94 06 35 2A A0 4D C8 2E 4B 6B 1E AA 5B .....5*.M..Kk..[
      0270: EE C5 E8 6C 24 F6 0A 17 5B 85 4A C2 8E DE 37 F2 ...l$...[.J...7.
      0280: 0D 6B AA C8 38 F8 6D C0 04 93 2A E0 91 5C 5A 36 .k..8.m...*..\Z6
      0290: 12 10 C9 9F B4 F0 22 69 59 D6 BD 35 D9 6D CA 38 ......"iY..5.m.8
      02A0: 87 D3 05 FC 94 F0 9F FD 8F 9D B8 D5 8C 5A 0B D1 .............Z..
      02B0: 39 94 B5 6F 66 8E BB 90 B4 EE 44 2D 98 4C D5 9D 9..of.....D-.L..
      02C0: 6F 66 10 2A F0 A8 BE 7C AA 0A 8D 27 08 C3 79 F0 of.*.......'..y.
      02D0: 78 C5 39 65 6F 67 E2 C9 16 47 ED 8F A6 50 B6 35 x.9eog...G...P.5
      02E0: BF 3B 6B 14 C1 74 28 48 88 BF 6E 6D 76 67 A1 E5 .;k..t(H..nmvg..
      02F0: 38 35 A9 85 0A 11 C4 27 DD C8 36 8F 87 51 BD B4 85.....'..6..Q..
      0300: 4F 48 CD 94 34 44 01 91 88 FE FD 6F 5E 4B B5 07 OH..4D.....o^K..
      0310: 59 E7 FB 49 11 E0 49 7B 3D 07 AE 31 00 79 21 42 Y..I..I.=..1.y!B
      0320: EB 91 A0 EF 21 B1 7E C7 F0 2C 29 41 2B C3 10 86 ....!....,)A+...
      0330: 52 4D 62 09 5E D9 66 24 F5 AC E5 7E 1A 01 72 A2 RMb.^.f$......r.
      0340: 30 6A 6F 65 F2 A0 64 17 02 72 37 F4 FF 11 4C 29 0joe..d..r7...L)
      0350: 48 A2 3C B1 4B 0C 46 1D 1A 83 9C 03 AE 28 AD 79 H.<.K.F......(.y
      0360: DD 9A 25 EC 0C DD 66 69 0F EE F3 20 4B 42 77 D8 ..%...fi... KBw.
      0370: 7C D5 29 FF FC 2B 69 CA 20 BC FA B7 8B 22 89 75 ..)..+i. ....".u
      0380: 35 7A C3 35 1C C2 E3 90 69 16 E1 9B E6 19 C1 D0 5z.5....i.......
      0390: AF 43 A8 32 BB 8E 3C 18 28 A6 E3 5C 54 3A D8 85 .C.2..<.(..\T:..
      03A0: 23 D3 32 B8 D8 C7 3D 2D A1 78 2C F7 EC AF AB AA #.2...=-.x,.....
      03B0: B6 22 D7 B8 7B 07 BB 01 35 75 CC A4 72 B5 64 7C ."......5u..r.d.
      03C0: DD CC F4 50 09 F1 BF B0 59 35 49 B7 B9 D3 5E C1 ...P....Y5I...^.
      03D0: 92 6A 7D 7E E7 64 EF FD 06 .j...d...
      
      Client Principal = xsqajboss@MYDOMAIN.COM
      Server Principal = krbtgt/MYDOMAIN.COM@MYDOMAIN.COM
      Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 66 CC 4E 08 24 60 4E 55 3B 48 08 59 7B 49 86 49 f.N.$`NU;H.Y.I.I
      
      
      Forwardable Ticket false
      Forwarded Ticket false
      Proxiable Ticket false
      Proxy Ticket false
      Postdated Ticket false
      Renewable Ticket false
      Initial Ticket false
      Auth Time = Tue May 12 14:15:25 GMT-05:00 2009
      Start Time = Tue May 12 14:15:25 GMT-05:00 2009
      End Time = Wed May 13 00:15:25 GMT-05:00 2009
      Renew Till = null
      Client Addresses Null
       Private Credential: Kerberos Principal xsqajboss@MYDOMAIN.COMKey Version 3key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: C5 8C DC 62 8A 47 EC BB 70 26 A1 42 21 43 04 4B ...b.G..p&.B!C.K
      
      
      
      2009-05-12 14:15:25,608 DEBUG [org.jboss.security.negotiation.AdvancedLdapLoginModule] Logged in 'javax.security.auth.login.LoginContext@10eb6ae' LoginContext
      2009-05-12 14:15:25,608 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] login
      2009-05-12 14:15:25,608 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Identity - xamyuser@MYDOMAIN.COM
      2009-05-12 14:15:25,608 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleNameAttributeID=cn, password-stacking=useFirstPass, baseCtxDN=DC=MYDOMAIN,DC=COM, roleAttributeID=memberOf, baseFilter=(userPrincipalName={0}), jboss.security.security_domain=SPNEGO, bindAuthentication=GSSAPI, java.naming.provider.url=ldap://WDCSI1A.mydomain.com, roleAttributeIsDN=true, jaasSecurityDomain=host, java.naming.security.authentication=GSSAPI, recurseRoles=true}
      2009-05-12 14:15:25,624 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] abort
      2009-05-12 14:15:25,624 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] abort
      2009-05-12 14:15:25,624 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] Login failure
      javax.security.auth.login.LoginException: Unable to create new InitialLdapContext
       at org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:485)
       at org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:339)
       at org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:734)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.Subject.doAs(Subject.java:337)
       at org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:279)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
       at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
       at java.lang.Thread.run(Thread.java:619)
      Caused by: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)]]
       at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:150)
       at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:288)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
       at javax.naming.InitialContext.init(InitialContext.java:223)
       at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
       at org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:481)
       ... 31 more
      Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)]
       at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:194)
       at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:105)
       ... 43 more
      Caused by: GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)
       at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:663)
       at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
       at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
       at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:175)
       ... 44 more
      Caused by: KrbException: Fail to create credential. (63) - No service creds
       at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:279)
       at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:562)
       at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:594)
       ... 47 more
      2009-05-12 14:15:25,624 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] End isValid, false
      2009-05-12 14:15:25,624 TRACE [org.jboss.security.negotiation.common.NegotiationContext] clear 11116972
      2009-05-12 14:15:25,624 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
      


      I can't seem to figure out what is causing the above error. Any help will be greatly appreciated.