Hi,
I'm trying to do the same, but my CAS server is in a Linux station. It
looks like you changed some XML files to change webflow and beans. Can you
send me them?
Em terça-feira, 9 de janeiro de 2018 06:00:47 UTC-2, Abylay escreveu:
>
> Hello!
> I'm trying to configure Spnego on CAS 5.2.0
>
> I added required dependency to pom file:
>
> <dependency>
> <groupId>org.apereo.cas</groupId>
> <artifactId>cas-server-support-spnego-webflow</artifactId>
> <version>${cas.version}</version>
> </dependency>
>
>
> I have an SPN account and working keytab file. I've configured krb5.conf
> and login.conf as it says in here SPNEGO-Authentication.html
> <https://apereo.github.io/cas/5.2.x/installation/SPNEGO-Authentication.html>
> I configured my browsers to support Kerberos.
> Here is the SPNEGO part of cas configuration file:
> # SPNEGO
> # cas.authn.spnego.kerberosConf=
> cas.authn.spnego.mixedModeAuthentication=true
> # cas.authn.spnego.cachePolicy=600
> # cas.authn.spnego.timeout=300000
> cas.authn.spnego.jcifsServicePrincipal=HTTP/
> [email protected] <javascript:>
> # cas.authn.spnego.jcifsNetbiosWins=
> cas.authn.spnego.loginConf=file:D:\\etc\\cas\\config\\login.conf
> # cas.authn.spnego.ntlmAllowed=true
> # cas.authn.spnego.hostNamePatternString=.+
> # cas.authn.spnego.jcifsUsername=
> # cas.authn.spnego.useSubjectCredsOnly=false
> # cas.authn.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
> # cas.authn.spnego.jcifsDomainController=
> # cas.authn.spnego.dnsTimeout=2000
> # cas.authn.spnego.hostNameClientActionStrategy=hostnameSpnegoClientAction
> cas.authn.spnego.kerberosKdc=dc01.mycompany.kz
> # cas.authn.spnego.alternativeRemoteHostAttribute=alternateRemoteHeader
> # cas.authn.spnego.jcifsDomain=
> # cas.authn.spnego.ipsToCheckPattern=127.+
> # cas.authn.spnego.kerberosDebug=true
> # cas.authn.spnego.send401OnAuthenticationFailure=true
> cas.authn.spnego.kerberosRealm=MYCOMPANY.KZ
> # cas.authn.spnego.ntlm=false
> # cas.authn.spnego.principalWithDomainName=false
> cas.authn.spnego.jcifsServicePassword=1q2w3e4r
>
> When I open login page there is the next error on CAS logs:
>
> 2018-01-09 13:47:33,472 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: audit:unknown
> WHAT: [event=success,timestamp=Tue Jan 09 13:47:33 ALMT
> 2018,source=RankedAuthenticationProviderWebflowEventResolver]
> ACTION: AUTHENTICATION_EVENT_TRIGGERED
> APPLICATION: CAS
> WHEN: Tue Jan 09 13:47:33 ALMT 2018
> CLIENT IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
> SERVER IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
> =============================================================
>
> >
> 2018-01-09 13:47:33,487 DEBUG
> [org.apereo.cas.support.oauth.validator.OAuth20AuthenticationServiceSelectionStrategy]
>
> - <Authentication request is not identified as an OAuth request>
> 2018-01-09 13:47:33,488 DEBUG
> [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy]
> - <Located client IP address as [fe80:0:0:0:459b:8012:528e:462a%20]>
> 2018-01-09 13:47:33,490 DEBUG
> [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy]
> - <User agent [Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:53.0)
> Gecko/20100101 Firefox/53.0] is authorized to proceed>
> 2018-01-09 13:47:33,490 DEBUG
> [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy]
> - <Adaptive authentication policy has authorized client
> [fe80:0:0:0:459b:8012:528e:462a%20] to proceed.>
> 2018-01-09 13:47:33,491 DEBUG [org.apereo.cas.web.support.WebUtils] -
> <Evaluating request to determine if warning cookie should be generated>
> 2018-01-09 13:47:33,491 DEBUG [org.apereo.cas.web.support.WebUtils] -
> <Evaluating request to determine if warning cookie should be generated>
> 2018-01-09 13:47:33,493 DEBUG
> [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver]
>
> - <Authentication handlers used for this transaction are
> [JcifsSpnegoAuthenticationHandler,QueryDatabaseAuthenticationHandler,HttpBasedServiceCredentialsAuthenticationHandler,AcceptUsersAuthenticationHandler,LdapAuthenticationHandler]>
> 2018-01-09 13:47:33,494 DEBUG
> [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
>
> - <Processing SPNEGO authentication>
> 2018-01-09 13:47:33,526 DEBUG
> [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
>
> - <Authenticated SPNEGO principal [null]>
> 2018-01-09 13:47:33,527 DEBUG
> [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
>
> - <Retrieving the next token for authentication>
> 2018-01-09 13:47:33,528 DEBUG
> [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler]
>
> - <Setting nextToken in credential>
> 2018-01-09 13:47:33,530 DEBUG
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <[JcifsSpnegoAuthenticationHandler] exception details: [Principal is null,
> the processing of the SPNEGO Token failed].>
> 2018-01-09 13:47:33,531 DEBUG
> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
>
> - <Credential is not one of username/password and is not accepted by
> handler [QueryDatabaseAuthenticationHandler]>
> 2018-01-09 13:47:33,532 DEBUG
> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
>
> - <Credential is not one of username/password and is not accepted by
> handler [AcceptUsersAuthenticationHandler]>
> 2018-01-09 13:47:33,532 DEBUG
> [org.apereo.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler]
>
> - <Credential is not one of username/password and is not accepted by
> handler [LdapAuthenticationHandler]>
> 2018-01-09 13:47:33,533 ERROR
> [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
> <Authentication has failed. Credentials may be incorrect or CAS cannot find
> authentication handler that supports [unknown] of type [SpnegoCredential].>
> 2018-01-09 13:47:33,534 INFO
> [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit
> trail record BEGIN
> =============================================================
> WHO: unknown
> WHAT: Supplied credentials: [unknown]
> ACTION: AUTHENTICATION_FAILED
> APPLICATION: CAS
> WHEN: Tue Jan 09 13:47:33 ALMT 2018
> CLIENT IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
> SERVER IP ADDRESS: fe80:0:0:0:459b:8012:528e:462a%20
> =============================================================
>
> >
>
> Has anyone here had the same issue or knows how to solve it?
> I suspect it's a bug.
>
> Thanks.
>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/4ac6021b-6bbe-4687-a8bb-41c3c8a73ef1%40apereo.org.
