CAS SPNEGO
I followed all the instructions found in the wiki and I read a lot of posts in the forum to activate SSO authentication between CAS and a Windows primary domain. My scenario is:
CAS Server (3.2.1):
Windows XP with Tomcat 5.5.29 on JDK 1.5.0_11. This PC is outside the domain. The name is casserver. The CAS configuration was edited as described in the wiki.
Client:
Windows XP (another PC in the domain) with IE 7 configured as described (the server is included in the intranet sites).
AD Server:
We tried with Windows 2000 and Windows 2003. We have created the user (casuser) and run the ktpass tool. The only difference is that the second supports the crypto rc4-hmac-nt. In Windows 2000 you can't set this crypto.
Reading the log, it seems that the server receives the token but can't extract the Principal (Principal is null).
Can someone help me? Thanks
Here are my logs:
2008-05-14 18:47:55,640 DEBUG [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - jcifsServicePrincipal is set to HTTP/casserver@QUIX.LOCALE
2008-05-14 18:47:55,640 DEBUG [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - jcifsServicePassword is set to *****
2008-05-14 18:47:55,640 DEBUG [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - jcifsUsername is set to casuser
2008-05-14 18:47:55,640 DEBUG [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - jcifsPassword is set to *****
2008-05-14 18:47:55,640 DEBUG [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - jcifsDomain is set to QUIX.LOCALE
2008-05-14 18:47:55,640 DEBUG [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - kerberosDebug is set to : true
2008-05-14 18:47:55,640 DEBUG [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - kerberosRealm is set to :QUIX.LOCALE
2008-05-14 18:47:55,640 DEBUG [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - kerberosKdc is set to : 192.168.100.7
2008-05-14 18:47:55,656 DEBUG [org.jasig.cas.support.spnego.authentication.handler.support.JCIFSConfig] - configured login configuration path : /WEB-INF/login.conf
2008-05-14 18:47:55,718 INFO [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas]] - Initializing Spring FrameworkServlet 'cas'
2008-05-14 18:47:56,265 DEBUG [org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController] - Found action method [public org.springframework.web.servlet.ModelAndView org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController.deleteRegisteredService(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)]
2008-05-14 18:47:56,265 DEBUG [org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController] - Found action method [public org.springframework.web.servlet.ModelAndView org.jasig.cas.services.web.ManageRegisteredServicesMultiActionController.manage(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)]
2008-05-14 18:47:56,328 INFO [org.jasig.cas.web.flow.AuthenticationViaFormAction] - FormObjectClass not set. Using default class of org.jasig.cas.authentication.principal.UsernamePasswordCredentials with formObjectName credentials and validator org.jasig.cas.validation.UsernamePasswordCredentialsValidator.
2008-05-14 18:48:02,890 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' beginning execution
2008-05-14 18:48:02,890 INFO [org.jasig.cas.web.flow.InitialFlowSetupAction] - Setting path for cookies to: /cas
2008-05-14 18:48:02,890 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service.
2008-05-14 18:48:02,906 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor did not generate service.
2008-05-14 18:48:02,906 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' completed execution; result is 'success'
2008-05-14 18:48:02,921 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - Action 'SpnegoNegociateCredentialsAction' beginning execution
2008-05-14 18:48:02,921 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - Authorization header not found. Sending WWW-Authenticate header
2008-05-14 18:48:02,921 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - Action 'SpnegoNegociateCredentialsAction' completed execution; result is 'success'
2008-05-14 18:48:02,921 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Action 'SpnegoCredentialsAction' beginning execution
2008-05-14 18:48:02,921 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Action 'SpnegoCredentialsAction' completed execution; result is 'error'
2008-05-14 18:48:02,921 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2008-05-14 18:48:02,937 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm
2008-05-14 18:48:02,937 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form object with name 'credentials'
2008-05-14 18:48:02,937 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
2008-05-14 18:48:02,937 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'
2008-05-14 18:48:02,937 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form errors for object with name 'credentials'
2008-05-14 18:48:02,937 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor registrar set, no custom editors to register
2008-05-14 18:48:02,953 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors instance in scope Flash
2008-05-14 18:48:02,953 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2008-05-14 18:48:02,953 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2008-05-14 18:48:02,953 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2008-05-14 18:48:03,500 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' beginning execution
2008-05-14 18:48:03,500 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - Extractor did not generate service.
2008-05-14 18:48:03,500 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - Extractor did not generate service.
2008-05-14 18:48:03,500 DEBUG [org.jasig.cas.web.flow.InitialFlowSetupAction] - Action 'InitialFlowSetupAction' completed execution; result is 'success'
2008-05-14 18:48:03,500 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - Action 'SpnegoNegociateCredentialsAction' beginning execution
2008-05-14 18:48:03,500 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - Action 'SpnegoNegociateCredentialsAction' completed execution; result is 'success'
2008-05-14 18:48:03,500 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Action 'SpnegoCredentialsAction' beginning execution
2008-05-14 18:48:03,500 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - SPNEGO Authorization header found with 1648 bytes
2008-05-14 18:48:03,500 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Obtained token:
2008-05-14 18:48:03,515 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - Attempting to create TicketGrantingTicket for Principal is null
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Unable to obtain the output token required.
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Setting HTTP Status to 401
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Action 'SpnegoCredentialsAction' completed execution; result is 'error'
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Executing setupForm
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form object with name 'credentials'
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new instance of form object class [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials]
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form object of type [class org.jasig.cas.authentication.principal.UsernamePasswordCredentials] in scope Flow with name 'credentials'
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Creating new form errors for object with name 'credentials'
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - No property editor registrar set, no custom editors to register
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Putting form errors instance in scope Flash
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' beginning execution
2008-05-14 18:48:03,578 DEBUG [org.jasig.cas.web.flow.AuthenticationViaFormAction] - Action 'AuthenticationViaFormAction' completed execution; result is 'success'
2008-05-14 18:48:14,734 INFO [org.jasig.cas.ticket.registry.support.DefaultTicketRegistryCleaner] - Starting cleaning of expired tickets from ticket registry at [Wed May 14 18:48:14 CEST 2008]
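
A triage script for logs like the one above, added here as an example and not part of the original post or of CAS: it groups the SpnegoCredentialsAction lines into attempts and separates the first leg, where no Authorization header has arrived yet, from a token that was received but produced no principal. The sample lines are copied from the post's log without the token bytes; the function name and outcome labels are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the post's log, binary token bytes left out.
SPNEGO_LOGGER = "org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction"
SAMPLE_LOG = f"""\
2008-05-14 18:48:02,921 DEBUG [{SPNEGO_LOGGER}] - Action 'SpnegoCredentialsAction' beginning execution
2008-05-14 18:48:02,921 DEBUG [{SPNEGO_LOGGER}] - Action 'SpnegoCredentialsAction' completed execution; result is 'error'
2008-05-14 18:48:03,500 DEBUG [{SPNEGO_LOGGER}] - Action 'SpnegoCredentialsAction' beginning execution
2008-05-14 18:48:03,500 DEBUG [{SPNEGO_LOGGER}] - SPNEGO Authorization header found with 1648 bytes
2008-05-14 18:48:03,515 DEBUG [org.jasig.cas.CentralAuthenticationServiceImpl] - Attempting to create TicketGrantingTicket for Principal is null
2008-05-14 18:48:03,578 DEBUG [{SPNEGO_LOGGER}] - Unable to obtain the output token required.
2008-05-14 18:48:03,578 DEBUG [{SPNEGO_LOGGER}] - Setting HTTP Status to 401
2008-05-14 18:48:03,578 DEBUG [{SPNEGO_LOGGER}] - Action 'SpnegoCredentialsAction' completed execution; result is 'error'
"""

LINE = re.compile(r"^(\S+ \S+) +\w+ +\[(.+?)\] - (.*)$")
HEADER = re.compile(r"Authorization header found with (\d+) bytes")
RESULT = re.compile(r"completed execution; result is '(\w+)'")

def triage(log_text):
    """Group SpnegoCredentialsAction log lines into attempts and label each one."""
    attempts, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines such as dumped token bytes
        ts, logger, msg = m.groups()
        if logger == SPNEGO_LOGGER and msg.endswith("beginning execution"):
            cur = {"start": ts, "token_bytes": None, "principal_null": False,
                   "status_401": False, "result": None}
            attempts.append(cur)
        elif cur is not None:
            hdr, res = HEADER.search(msg), RESULT.search(msg)
            if hdr:
                cur["token_bytes"] = int(hdr.group(1))
            if "Principal is null" in msg:
                cur["principal_null"] = True
            if "Setting HTTP Status to 401" in msg:
                cur["status_401"] = True
            if res and logger == SPNEGO_LOGGER:
                cur["result"] = res.group(1)
                # Labels are this example's own; 'success' is assumed to mean accepted.
                if cur["result"] == "success":
                    cur["outcome"] = "ok"
                elif cur["token_bytes"] is None:
                    cur["outcome"] = "no_token"            # no Authorization header yet
                else:
                    cur["outcome"] = "token_not_accepted"  # token arrived, no principal
                cur = None
    return attempts

if __name__ == "__main__":
    for a in triage(SAMPLE_LOG):
        print(a["start"], a["outcome"], a["token_bytes"], a["principal_null"])
```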