Hello!
I'm trying to configure SPNEGO on CAS 5.2.0.
I added the required dependency to the pom file:
<dependency>
    <groupId>org.apereo.cas</groupId>
    <artifactId>cas-server-support-spnego-webflow</artifactId>
    <version>${cas.version}</version>
</dependency>
I have an SPN account and a working keytab file. I've configured krb5.conf
and login.conf as described here: SPNEGO-Authentication.html
<https://apereo.github.io/cas/5.2.x/installation/SPNEGO-Authentication.html>
I configured my browsers to support Kerberos.
Here is the SPNEGO part of the CAS configuration file:
# SPNEGO
# cas.authn.spnego.kerberosConf=
cas.authn.spnego.mixedModeAuthentication=true
# cas.authn.spnego.cachePolicy=600
# cas.authn.spnego.timeout=300000
cas.authn.spnego.jcifsServicePrincipal=HTTP/[email protected]
# cas.authn.spnego.jcifsNetbiosWins=
cas.authn.spnego.loginConf=file:D:\\etc\\cas\\config\\login.conf
# cas.authn.spnego.ntlmAllowed=true
# cas.authn.spnego.hostNamePatternString=.+
# cas.authn.spnego.jcifsUsername=
# cas.authn.spnego.useSubjectCredsOnly=false
# cas.authn.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
# cas.authn.spnego.jcifsDomainController=
# cas.authn.spnego.dnsTimeout=2000
# cas.authn.spnego.hostNameClientActionStrategy=hostnameSpnegoClientAction
cas.authn.spnego.kerberosKdc=dc01.mycompany.kz
# cas.authn.spnego.alternativeRemoteHostAttribute=alternateRemoteHeader
# cas.authn.spnego.jcifsDomain=
# cas.authn.spnego.ipsToCheckPattern=127.+
# cas.authn.spnego.kerberosDebug=true
# cas.authn.spnego.send401OnAuthenticationFailure=true
cas.authn.spnego.kerberosRealm=MYCOMPANY.KZ
# cas.authn.spnego.ntlm=false
# cas.authn.spnego.principalWithDomainName=false
cas.authn.spnego.jcifsServicePassword=1q2w3e4r
When I open the login page, the following error appears in the CAS logs:
2018-01-09 13:47:33,472 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Tue Jan 09 13:47:33 ALMT
2018,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Tue Jan 09 13:47:33 ALMT 2018
CLIENT IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
SERVER IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
=============================================================
>
2018-01-09 13:47:33,487 DEBUG
[org.apereo.cas.support.oauth.validator.OAuth20AuthenticationServiceSelectionStrategy]
- <Authentication request is not identified as an OAuth request>
2018-01-09 13:47:33,488 DEBUG
[org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy]
- <Located client IP address as [fe80:0:0:0:459b:8012:528e:462a%20]>
2018-01-09 13:47:33,490 DEBUG
[org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy]
- <User agent [Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:53.0)
Gecko/20100101 Firefox/53.0] is authorized to proceed>
2018-01-09 13:47:33,490 DEBUG
[org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy]
- <Adaptive authentication policy has authorized client
[fe80:0:0:0:459b:8012:528e:462a%20] to proceed.>
2018-01-09 13:47:33,491 DEBUG [org.apereo.cas.web.support.WebUtils] -
<Evaluating request to determine if warning cookie should be generated>
2018-01-09 13:47:33,491 DEBUG [org.apereo.cas.web.support.WebUtils] -
<Evaluating request to determine if warning cookie should be generated>
2018-01-09 13:47:33,493 DEBUG
[org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver]
- <Authentication handlers used for this transaction are
[JcifsSpnegoAuthenticationHandler,QueryDatabaseAuthenticationHandler,HttpBasedServiceCredentialsAuthenticationHandler,AcceptUsersAuthenticationHandler,LdapAuthenticationHandler]>
2018-01-09 13:47:33,494 DEBUG
[org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
- <Processing SPNEGO authentication>
2018-01-09 13:47:33,526 DEBUG
[org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
- <Authenticated SPNEGO principal [null]>
2018-01-09 13:47:33,527 DEBUG
[org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
- <Retrieving the next token for authentication>
2018-01-09 13:47:33,528 DEBUG
[org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
- <Setting nextToken in credential>
2018-01-09 13:47:33,530 DEBUG
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<[JcifsSpnegoAuthenticationHandler] exception details: [Principal is null,
the processing of the SPNEGO Token failed].>
2018-01-09 13:47:33,531 DEBUG
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
- <Credential is not one of username/password and is not accepted by
handler [QueryDatabaseAuthenticationHandler]>
2018-01-09 13:47:33,532 DEBUG
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
- <Credential is not one of username/password and is not accepted by
handler [AcceptUsersAuthenticationHandler]>
2018-01-09 13:47:33,532 DEBUG
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
- <Credential is not one of username/password and is not accepted by
handler [LdapAuthenticationHandler]>
2018-01-09 13:47:33,533 ERROR
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Authentication has failed. Credentials may be incorrect or CAS cannot find
authentication handler that supports [unknown] of type [SpnegoCredential].>
2018-01-09 13:47:33,534 INFO
[org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
trail record BEGIN
=============================================================
WHO: unknown
WHAT: Supplied credentials: [unknown]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue Jan 09 13:47:33 ALMT 2018
CLIENT IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
SERVER IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
=============================================================
>
Has anyone here had the same issue or knows how to solve it?
I suspect it's a bug.
Thanks.
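
For anyone triaging a log like the one in this post, here is an added example (not part of the original message and not CAS project code) that rejoins the hard-wrapped records and reports what each authentication handler did before the final ERROR. The function names parse_records and triage are hypothetical, and the sample input is three records taken from the log above.

```python
import re

# Sample input: three records taken from the log in the post, keeping the
# hard line wraps introduced by the mail client.
SAMPLE_LOG = """\
2018-01-09 13:47:33,530 DEBUG
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<[JcifsSpnegoAuthenticationHandler] exception details: [Principal is null,
the processing of the SPNEGO Token failed].>
2018-01-09 13:47:33,532 DEBUG
[org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
- <Credential is not one of username/password and is not accepted by
handler [LdapAuthenticationHandler]>
2018-01-09 13:47:33,533 ERROR
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<Authentication has failed. Credentials may be incorrect or CAS cannot find
authentication handler that supports [unknown] of type [SpnegoCredential].>
"""

RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
RECORD = re.compile(r"^(\S+ \S+) (\w+) \[([\w.]+)\] - <(.*)>$")
HANDLER_ERROR = re.compile(r"^\[(\w+)\] exception details: \[(.*)\]\.$")
HANDLER_SKIP = re.compile(r"not accepted by handler \[(\w+)\]$")

def parse_records(text):
    """Rejoin hard-wrapped lines into (time, level, logger, message) tuples."""
    chunks = []
    for line in text.splitlines():
        # A timestamp at the start of a line opens a new record.
        if RECORD_START.match(line) or not chunks:
            chunks.append([])
        chunks[-1].append(line.strip())
    matches = (RECORD.match(" ".join(c)) for c in chunks)
    return [m.groups() for m in matches if m]

def triage(text):
    """Return ({handler: outcome}, final ERROR message or None)."""
    outcomes, final_error = {}, None
    for _time, level, _logger, msg in parse_records(text):
        if m := HANDLER_ERROR.match(msg):
            outcomes[m.group(1)] = "failed: " + m.group(2)
        elif m := HANDLER_SKIP.search(msg):
            outcomes[m.group(1)] = "skipped: credential type not accepted"
        elif level == "ERROR":
            final_error = msg
    return outcomes, final_error

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```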