Done. #1946 Le 11/08/2016 à 22:27, Misagh Moayyed a écrit : > Possibly. Could you issue a pull with the updates you have in mind to > the docs? > > -- > Misagh > > From: Philippe MARASSE <[email protected]> > <mailto:[email protected]> > Reply: Philippe MARASSE <[email protected]> > <mailto:[email protected]> > Date: August 11, 2016 at 8:45:31 AM > To: [email protected] <[email protected]> <mailto:[email protected]> > Subject: Re: [cas-user] CAS 5.0.0 SPNEGO issue > >> Today, it works a little better : I get 401, my browser send its >> ticket... but no authentication : >> >> Caused by: KrbException: Invalid argument (400) - Cannot find key of >> appropriate type to decrypt AP REP - RC4 with HMAC >> >> I have to declare my keytab as default keytab in /etc/krb5.conf to get >> authenticated (keytab is read *before* login.conf) ! It was not >> necessary with CASv3.5. >> >> If my keytab is not declared in /etc/krb5.conf, login.conf is not read >> either, why ?? >> >> Last test, with only a few parameters : >> >> cas.authn.spnego.kerberosConf=/etc/krb5.conf >> cas.authn.spnego.mixedModeAuthentication=false >> cas.authn.spnego.jcifsServicePrincipal=HTTP/[email protected] >> >> cas.authn.spnego.ntlmAllowed=false >> cas.authn.spnego.hostNamePatternString=.+ >> cas.authn.spnego.supportedBrowsers=MSIE,Firefox,AppleWebKit >> cas.authn.spnego.hostNameClientActionStrategy=hostnameSpnegoClientAction >> cas.authn.spnego.ipsToCheckPattern=172.+ >> cas.authn.spnego.send401OnAuthenticationFailure=false >> cas.authn.spnego.principalWithDomainName=false >> >> it works... >> >> Is the documentation needing update ? >> >> Regards. >> >> Le 10/08/2016 à 17:42, Philippe MARASSE a écrit : >> > Folks, >> > >> > I'm testing my freshly installed cas 5.0.0RC1-SNAPSHOT with SPNEGO, >> > following instructions at >> > >> https://apereo.github.io/cas/development/installation/SPNEGO-Authentication.html >> > >> > Everything looks right at tomcat startup (krb5 princpal (fixed @, kdc, >> > etc.), My browser get a 401 with WWW-Authenticate: Negotiate as >> > expected. So it sends its Authorization: Negotiate header, but CAS >> does >> > not seem to catch the header (see attached catalina.out log file) and >> > throws a NullPointerException. >> > >> > Tomcat is behind Apache + mod_jk, packetSize has been increased to >> 16k. >> > >> > Am I missing something ? >> > >> > Regards. >> > >> >> -- >> Philippe MARASSE >> >> Responsable pôle Infrastructures - DSIO >> Centre Hospitalier Henri Laborit >> CS 10587 - 370 avenue Jacques Cœur >> 86021 Poitiers Cedex >> Tel : 05.49.44.57.19 >> >> -- >> You received this message because you are subscribed to the Google >> Groups "CAS Community" group. >> To unsubscribe from this group and stop receiving emails from it, >> send an email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at >> https://groups.google.com/a/apereo.org/group/cas-user/. >> To view this discussion on the web visit >> https://groups.google.com/a/apereo.org/d/msgid/cas-user/e1b3772b-8210-abf7-5151-3b85dd10e5ef%40ch-poitiers.fr. >> For more options, visit https://groups.google.com/a/apereo.org/d/optout. > -- > You received this message because you are subscribed to the Google > Groups "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] > <mailto:[email protected]>. > To post to this group, send email to [email protected] > <mailto:[email protected]>. > Visit this group at > https://groups.google.com/a/apereo.org/group/cas-user/. > To view this discussion on the web visit > https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.57acdf96.21f89478.295c%40unicon.net > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/etPan.57acdf96.21f89478.295c%40unicon.net?utm_medium=email&utm_source=footer>. > For more options, visit https://groups.google.com/a/apereo.org/d/optout.
-- Philippe MARASSE Responsable pôle Infrastructures - DSIO Centre Hospitalier Henri Laborit CS 10587 - 370 avenue Jacques Cœur 86021 Poitiers Cedex Tel : 05.49.44.57.19 -- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/a/apereo.org/group/cas-user/. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/1d923cb3-437f-46cc-2aed-248c4ebb9541%40ch-poitiers.fr. For more options, visit https://groups.google.com/a/apereo.org/d/optout.
