0 Replies Latest reply on May 12, 2009 3:59 PM by nulltransfer

    JBoss Negotiate - Error When Obtaining Ldap Context

      Hi jboss developers,

      I am using Jboss Negotiation 4.0.3GA and for some reason I am getting an exception when the code tries to obtain a ldap connection.

      Below is the stack trace.

      2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Logged in 'host' LoginContext
      2009-05-12 14:15:25,593 WARN [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Authentication was performed despite already being authenticated!
      2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getCredDelegState() = false
      2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getMutualAuthState() = true
      2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] context.getSrcName() = xamyuser@MYDOMAIN.COM
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Result - true
      2009-05-12 14:15:25,593 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] Storing username 'xamyuser@MYDOMAIN.COM' and empty password
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] super.loginOk true
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] initialize, instance=@6455597
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Security domain: SPNEGO
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Using GSSAPI to connect to LDAP
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(host), size=10
      2009-05-12 14:15:25,593 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: com.sun.security.auth.module.Krb5LoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:name=principal, value=xsqajboss@MYDOMAIN.COM
      name=useKeyTab, value=true
      name=storeKey, value=true
      name=keyTab, value=E:\\jboss-4.2.3.GA\\server\\default\\conf\\xsqajboss.keytab
      name=debug, value=true
      name=doNotPrompt, value=true
      
      2009-05-12 14:15:25,608 DEBUG [org.jboss.security.negotiation.AdvancedLdapLoginModule] Subject = Subject:
       Principal: xsqajboss@MYDOMAIN.COM
       Private Credential: Ticket (hex) =
      
      Client Principal = xsqajboss@MYDOMAIN.COM
      Server Principal = krbtgt/MYDOMAIN.COM@MYDOMAIN.COM
      Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 66 CC 4E 08 24 60 4E 55 3B 48 08 59 7B 49 86 49 f.N.$`NU;H.Y.I.I
      
      
      Forwardable Ticket false
      Forwarded Ticket false
      Proxiable Ticket false
      Proxy Ticket false
      Postdated Ticket false
      Renewable Ticket false
      Initial Ticket false
      Auth Time = Tue May 12 14:15:25 GMT-05:00 2009
      Start Time = Tue May 12 14:15:25 GMT-05:00 2009
      End Time = Wed May 13 00:15:25 GMT-05:00 2009
      Renew Till = null
      Client Addresses Null
       Private Credential: Kerberos Principal xsqajboss@MYDOMAIN.COMKey Version 3key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: C5 8C DC 62 8A 47 EC BB 70 26 A1 42 21 43 04 4B ...b.G..p&.B!C.K
      
      
      
      2009-05-12 14:15:25,608 DEBUG [org.jboss.security.negotiation.AdvancedLdapLoginModule] Logged in 'javax.security.auth.login.LoginContext@10eb6ae' LoginContext
      2009-05-12 14:15:25,608 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] login
      2009-05-12 14:15:25,608 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Identity - xamyuser@MYDOMAIN.COM
      2009-05-12 14:15:25,608 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, roleNameAttributeID=cn, password-stacking=useFirstPass, baseCtxDN=DC=MYDOMAIN,DC=COM, roleAttributeID=memberOf, baseFilter=(userPrincipalName={0}), jboss.security.security_domain=SPNEGO, bindAuthentication=GSSAPI, java.naming.provider.url=ldap://WDCSI1A.mydomain.com, roleAttributeIsDN=true, jaasSecurityDomain=host, java.naming.security.authentication=GSSAPI, recurseRoles=true}
      2009-05-12 14:15:25,624 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] abort
      2009-05-12 14:15:25,624 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] abort
      2009-05-12 14:15:25,624 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] Login failure
      javax.security.auth.login.LoginException: Unable to create new InitialLdapContext
       at org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:485)
       at org.jboss.security.negotiation.AdvancedLdapLoginModule.innerLogin(AdvancedLdapLoginModule.java:339)
       at org.jboss.security.negotiation.AdvancedLdapLoginModule$AuthorizeAction.run(AdvancedLdapLoginModule.java:734)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.Subject.doAs(Subject.java:337)
       at org.jboss.security.negotiation.AdvancedLdapLoginModule.login(AdvancedLdapLoginModule.java:279)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
       at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
       at java.lang.Thread.run(Thread.java:619)
      Caused by: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)]]
       at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:150)
       at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:214)
       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2667)
       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:288)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
       at javax.naming.InitialContext.init(InitialContext.java:223)
       at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
       at org.jboss.security.negotiation.AdvancedLdapLoginModule.constructLdapContext(AdvancedLdapLoginModule.java:481)
       ... 31 more
      Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)]
       at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:194)
       at com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:105)
       ... 43 more
      Caused by: GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)
       at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:663)
       at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
       at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
       at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:175)
       ... 44 more
      Caused by: KrbException: Fail to create credential. (63) - No service creds
       at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:279)
       at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:562)
       at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:594)
       ... 47 more
      2009-05-12 14:15:25,624 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] End isValid, false
      2009-05-12 14:15:25,624 TRACE [org.jboss.security.negotiation.common.NegotiationContext] clear 11116972
      2009-05-12 14:15:25,624 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
      


      I can't seem to figure out what is causing the above error. Any help will be greatly appreciated.