Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

SPNEGO is not creating kerberos ticket

Baris KamisJan 8 2023

Hi.
I have implemented the SSO configuration with SPNEGO. The kerberos auth seems not working. It uses basic authentication on the browser. SSO seems working but i have an authentication problem.
Kerberos error is:
>>>KRBError:
sTime is Sun Jan 08 11:22:19 UTC 2023 1673176939000
suSec is 269328
error code is 25
error Message is Additional pre-authentication required
sname is krbtgt/EXAMPLE.NET@EXAMPLE.NET
eData provided.
msgType is 30
Krb5.conf file
[libdefaults]
default_realm = EXAMPLE.NET
default_keytab_name = FILE:C:\Tomcat 8.5\keytab.keytab
default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
permitted_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
forwardable=true

[realms]
EXAMPLE.NET = {
kdc = example.net
default_domain = EXAMPLE.NET
}

[domain_realm]
EXAMPLE.NET = EXAMPLE.NET
.EXAMPLE.NET = EXAMPLE.NET

Added on Jan 8 2023

#kerberos-java-gss-jgss

1 comment

465 views

Java Security

SPNEGO is not creating kerberos ticket

Comments

Post Details