Skip to Main Content

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

SPNEGO is not creating kerberos ticket

Baris KamisJan 8 2023

Hi.
I have implemented the SSO configuration with SPNEGO. The kerberos auth seems not working. It uses basic authentication on the browser. SSO seems working but i have an authentication problem.
Kerberos error is:
>>>KRBError:
sTime is Sun Jan 08 11:22:19 UTC 2023 1673176939000
suSec is 269328
error code is 25
error Message is Additional pre-authentication required
sname is krbtgt/EXAMPLE.NET@EXAMPLE.NET
eData provided.
msgType is 30
Krb5.conf file
[libdefaults]
default_realm = EXAMPLE.NET
default_keytab_name = FILE:C:\Tomcat 8.5\keytab.keytab
default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
permitted_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
forwardable=true

[realms]
EXAMPLE.NET = {
kdc = example.net
default_domain = EXAMPLE.NET
}

[domain_realm]
EXAMPLE.NET = EXAMPLE.NET
.EXAMPLE.NET = EXAMPLE.NET

Comments
Post Details
Added on Jan 8 2023
1 comment
553 views