spnego

问题 In order to do client-side HTTP SPNEGO authentication with Java on Windows you need to set the Windows Registry key allowtgtsessionkey. This is well documented. What I do not understand is how people get around this? Most corporate sites would never accept to change this registry key in Windows for the sake of a single piece of software. Also think about the hassle if this needs to be changed on every workstation in the organization. But that's just theory because I've so far been unable to

问题 I can't seem to correctly configure the system and have the browser send a kerberos ticket to the web-server. Instead, a NTLM token is sent. Q: How can I solve this? All details and configurations are listed below. Infrastructure: I have three machines within the domain COMPANY.local : PC-I7.COMPANY.local (on 192.168.0.5 ). It acts as KDC , it's an Active-Directory server with the other machines (see below) registered in the AD. Also has the DNS for the local network configured. The domain in

问题 We are having trouble getting Kerberos/AD authentication to work with a Spring webapp, and I believe the problem has to do with encryption types for the Kerberos tickets and the Active Directory domain functional level. The basic setup is: Tomcat 7 Java 1.6 (29) Windows Server 2008 R2 Spring 3.0 Spring Security Kerberos/Spnego extension M2 detailed here: http://blog.springsource.com/2009/09/28/spring-security-kerberos/ I have one environment where the Active Directory domain functional level

问题 Team, I am trying to implement SSO for a WAS7 based web application using Kerberos & SPNEGO. I am almost done with the configuration. I have few doubts on Kerberos. When I execute the command klist , following is the output. Ticket cache: FILE:/tmp/krb5cc_38698 Default principal: pocsso1@POC.MAIL.COM Valid starting Expires Service principal 01/09/2014 16:15 02/09/2014 02:21 krbtgt/POC.MAIL.COM@POC.MAIL.COM renew until 08/09/2014 16:15 My Question is "what expires and renew indicates here.?"

问题 We are facing an interesting problem. Users login to application with Kerberos authentication. Few times they are successful, but suddenly they face lockout for their user login information and they see the error below on their screen Login error: com.ibm.security.krb5.KrbException, status code: 24 message: Pre-authentication information was invalid Stack Trace : javax.security.auth.login.FailedLoginException: Login error: com.ibm.security.krb5.KrbException, status code: 24 message: Pre

问题 I have to write a custom Jaspic ServerAuthModule (which needs to add a proprietary Authentication Cookie to the HTTP Response AND HTTP Request to be propagated to the applications running on the App Server). The Authentication must be done using Kerberos, SPNEGO. The Application Server to be used is JBOSS EAP 6.4.x I managed to get the Authentication using the JAAS Krb5LoginModule working. The JBOSS EAP Standone.xml I use: <security-domain name="host" cache-type="default"> <authentication>

问题 I'm newbie in this topic. I need help to implement the authentication Java SSO for a web application over Tomcat 6.0.29. I have read about SPNEGO and proven the examples helloKDC.java and hello_spnego.jsp at http://spnego.sourceforge.net/ wich worked well,but I don't know what are the steps I have to follow for implement the solution. i.e. is enough to get the name of remote user? or I have to do something else for assure its identity and keep on the session of the current user?. 来源： https:/

问题 I configured IBM WebSphere Portal 6.1 on WAS7: SPNEGO, ssl with self signed certificate, default http transport (without Web Server) and changed default ports 10039, 10029 to 80, 443. After that SPNEGO works fine on http, on https displayed standard login form. Where there may be a mistake? 回答1: Did you take a look at this document: WebSphere Portal Windows SSO w/SPNEGO Mapping the user to the Kerberos Service Principal Name (SPN) When you run the setspn and the ltpass commands there should

问题 I would like to configure Tomcat to be able to connect to AD and authenticate users accordingly. In addition, I would also like to invoke some web services (in this case, Share Point) using the client credentials. So far, I've managed to successfully configure Tomcat to use SPNEGO authentication, as described in the tutorial at http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html. Note that I have used Tomcat's SPNEGO authentication (not Source Forge's or Waffle). I did not use

问题 I'm trying to establish a connection using kerberos authentication. I think the question I have does not depend on the type of server (in my case it's a cognos tm1 server) nor the language (in my case R with use of the package httr (or RCurl)) since it's more a general http(s) thing. I do not have much experience using kerberos. According to my understanding there is some negotiation between the client and server following the following steps (here get-requests). The only thin I need to pass