SPNEGO implementation (exo) [eXo Portal]


  1. #1
    Experienced member
    Joined: August 2007
    Posts: 56
    SPNEGO implementation (exo)
    Hello,

    I want to configure SSO using SPNEGO on an eXo portal. The problem is that I get an infinite redirect once everything is configured.

    Here is my environment:
    - Windows 2008 R2 with Active Directory
    - Debian: eXo Platform 3.5.4 on JBoss EAP 5.1

    Domain: TESTMITECH.LAN

    Regarding Kerberos encryption, I enabled RC4_HMAC in the Local Security Setting and then ran gpupdate /force.

    Next, I added a user "exosso". I did not check anything except: Password never expires.

    I then changed its Delegation setting to select:
    - "Trust this user for delegation to any service (Kerberos)".
    I then modified the userPrincipalName attribute to set:
    - "HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN"

    I then generate the keytab with RC4-HMAC:

    Code:
    C:\Users\Administrator>ktpass -princ HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN -pass P@ssw0rd -mapuser TESTMITECH\exosso -crypto RC4-HMAC-NT -ptype KRB5_NT_PRINCIPAL -out c:\temp\exo.keytab -kvno 0
    Targeting domain controller: WIN-VTUT3UQANQM.testmitech.lan
    Successfully mapped HTTP/WIN-VTUT3UQANQM.testmitech.lan to exosso.
    Password succesfully set!
    Key created.
    Output keytab to c:\temp\exo.keytab:
    Keytab version: 0x502
    keysize 85 HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN ptype 1 (KRB5_NT_PRINCIPAL) vno 0 etype 0x17 (RC4-HMAC) keylength 16 (0xe19ccf75ee54e06b06a5907af13cef42)

    And I set the SPN for the user exosso:

    Code:
    C:\Users\Administrator>setspn -A HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN TESTMITECH\exosso
    Registering ServicePrincipalNames for CN=exosso,CN=Users,DC=testmitech,DC=lan
            HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN
    Updated object

    For the installation of eXo on Debian/JBoss, I followed the official documentation: http://docs.exoplatform.com/PLF35/to...Boss_EARS.html

    I then connected my eXo to Active Directory (read-only), synchronized the users (using REST) and checked that I could log in with the domain users.

    For the SSO part, I also followed the official documentation: http://docs.exoplatform.com/PLF35/in...iguration.html

    Here is the result:

    Excerpt from the login-config.xml file:
    Code:
    <!-- SPNEGO domain -->
    <application-policy name="host">
      <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
          <module-option name="storeKey">true</module-option>
          <module-option name="useKeyTab">true</module-option>
          <module-option name="principal">HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN</module-option>
          <module-option name="keyTab">/etc/exo.keytab</module-option>
          <module-option name="doNotPrompt">true</module-option>
          <module-option name="debug">true</module-option>
        </login-module>
      </authentication>
    </application-policy>

    Excerpt from the gatein-jboss-beans.xml file:
    Code:
    <application-policy xmlns="urn:jboss:security-beans:1.0" name="gatein-domain">
      <authentication>
        <login-module
            code="org.gatein.sso.spnego.SPNEGOLoginModule"
            flag="requisite">
          <module-option name="password-stacking">useFirstPass</module-option>
          <module-option name="serverSecurityDomain">host</module-option>
          <module-option name="removeRealmFromPrincipal">true</module-option>
          <module-option name="usernamePasswordDomain">gatein-form-auth-domain</module-option>
        </login-module>
        <login-module
            code="org.gatein.sso.agent.login.SPNEGORolesModule"
            flag="required">
          <module-option name="password-stacking">useFirstPass</module-option>
          <module-option name="portalContainerName">portal</module-option>
          <module-option name="realmName">gatein-domain</module-option>
        </login-module>
      </authentication>
    </application-policy>

    Excerpt from the web.xml file:
    Code:
    <filter>
      <filter-name>LoginRedirectFilter</filter-name>
      <filter-class>org.gatein.sso.agent.filter.LoginRedirectFilter</filter-class>
      <init-param>
        <!-- This should point to your SSO authentication server -->
        <param-name>LOGIN_URL</param-name>
        <param-value>/portal/private</param-value>
      </init-param>
    </filter>

    <filter>
      <filter-name>SPNEGOFilter</filter-name>
      <filter-class>org.gatein.sso.agent.filter.SPNEGOFilter</filter-class>
    </filter>

    <filter-mapping>
      <filter-name>LoginRedirectFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter-mapping>
      <filter-name>SPNEGOFilter</filter-name>
      <url-pattern>/login</url-pattern>
    </filter-mapping>

    I also checked that I could obtain a ticket on the Debian machine using the following command (a ticket that I destroyed afterwards):

    Code:
    root@VM-test:/etc# kinit -k -t /etc/exo.keytab HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN
    root@VM-test:/etc# klist
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN
    
    Valid starting     Expires            Service principal
    01/25/13 12:09:22  01/25/13 22:09:57  krbtgt/TESTMITECH.LAN@TESTMITECH.LAN
            renew until 01/26/13 12:09:22

    I then moved to a computer in my domain. I log in as Administrator and configure my browsers.

    In Firefox, for example:

    Code:
    network.negotiate-auth.allow-proxies = true
    network.negotiate-auth.delegation-uris = .testmitech.lan
    network.negotiate-auth.gsslib (no-value)
    network.negotiate-auth.trusted-uris = .testmitech.lan
    network.negotiate-auth.using-native-gsslib = true

    Here is what I get in the log when I try to authenticate:

    Code:
    14:01:24,482 INFO  [ServerImpl] JBoss (Microcontainer) [5.1.0 (build: SVNTag=JBPAPP_5_1_0 date=201009150028)] Started in 3m:58s:464ms
    14:02:03,372 INFO  [STDOUT] Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /etc/exo.keytab refreshKrb5Config is false principal is HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN tryFirstPass is false useFirstPass is false storePass is false clearPass is false
    14:02:03,376 INFO  [STDOUT] >>> KeyTabInputStream, readName(): TESTMITECH.LAN
    14:02:03,376 INFO  [STDOUT] >>> KeyTabInputStream, readName(): HTTP
    14:02:03,376 INFO  [STDOUT] >>> KeyTabInputStream, readName(): WIN-VTUT3UQANQM.testmitech.lan
    14:02:03,377 INFO  [STDOUT] >>> KeyTab: load() entry length: 85; type: 23
    14:02:03,377 INFO  [STDOUT] Added key: 23version: 0
    14:02:03,378 INFO  [STDOUT] Ordering keys wrt default_tkt_enctypes list
    14:02:03,379 INFO  [STDOUT] Config name: /etc/krb5.conf
    14:02:03,379 INFO  [STDOUT] default etypes for default_tkt_enctypes:
    14:02:03,379 INFO  [STDOUT]  23
    14:02:03,379 INFO  [STDOUT] .
    14:02:03,380 INFO  [STDOUT] 0: EncryptionKey: keyType=23 kvno=0 keyValue (hex dump)=
    0000: E1 9C CF 75 EE 54 E0 6B   06 A5 90 7A F1 3C EF 42  ...u.T.k...z.<.B
    14:02:03,380 INFO  [STDOUT] principal's key obtained from the keytab
    14:02:03,380 INFO  [STDOUT] Acquire TGT using AS Exchange
    14:02:03,382 INFO  [STDOUT] default etypes for default_tkt_enctypes:
    14:02:03,382 INFO  [STDOUT]  23
    14:02:03,382 INFO  [STDOUT] .
    14:02:03,382 INFO  [STDOUT] >>> KrbAsReq calling createMessage
    14:02:03,382 INFO  [STDOUT] >>> KrbAsReq in createMessage
    14:02:03,384 INFO  [STDOUT] >>> KrbKdcReq send: kdc=WIN-VTUT3UQANQM.testmitech.lan UDP:88, timeout=30000, number of retries =3, #bytes=171
    14:02:03,386 INFO  [STDOUT] >>> KDCCommunication: kdc=WIN-VTUT3UQANQM.testmitech.lan UDP:88, timeout=30000,Attempt =1, #bytes=171
    14:02:03,387 INFO  [STDOUT] >>> KrbKdcReq send: #bytes read=185
    14:02:03,387 INFO  [STDOUT] >>> KrbKdcReq send: #bytes read=185
    14:02:03,388 INFO  [STDOUT] >>> KdcAccessibility: remove WIN-VTUT3UQANQM.testmitech.lan
    14:02:03,388 INFO  [STDOUT] >>> KDCRep: init() encoding tag is 126 req type is 11
    14:02:03,389 INFO  [STDOUT] >>>KRBError:
    14:02:03,389 INFO  [STDOUT]      sTime is Fri Jan 25 14:00:36 CET 2013 1359118836000
    14:02:03,389 INFO  [STDOUT]      suSec is 531830
    14:02:03,389 INFO  [STDOUT]      error code is 25
    14:02:03,390 INFO  [STDOUT]      error Message is Additional pre-authentication required
    14:02:03,390 INFO  [STDOUT]      realm is TESTMITECH.LAN
    14:02:03,390 INFO  [STDOUT]      sname is krbtgt/TESTMITECH.LAN
    14:02:03,390 INFO  [STDOUT]      eData provided.
    14:02:03,390 INFO  [STDOUT]      msgType is 30
    14:02:03,390 INFO  [STDOUT] >>>Pre-Authentication Data:
    14:02:03,390 INFO  [STDOUT]      PA-DATA type = 11
    14:02:03,390 INFO  [STDOUT]      PA-ETYPE-INFO etype = 23
    14:02:03,390 INFO  [STDOUT]      PA-ETYPE-INFO salt =
    14:02:03,390 INFO  [STDOUT] >>>Pre-Authentication Data:
    14:02:03,390 INFO  [STDOUT]      PA-DATA type = 19
    14:02:03,391 INFO  [STDOUT]      PA-ETYPE-INFO2 etype = 23
    14:02:03,391 INFO  [STDOUT]      PA-ETYPE-INFO2 salt = null
    14:02:03,391 INFO  [STDOUT] >>>Pre-Authentication Data:
    14:02:03,391 INFO  [STDOUT]      PA-DATA type = 2
    14:02:03,391 INFO  [STDOUT]      PA-ENC-TIMESTAMP
    14:02:03,391 INFO  [STDOUT] >>>Pre-Authentication Data:
    14:02:03,391 INFO  [STDOUT]      PA-DATA type = 16
    14:02:03,391 INFO  [STDOUT] >>>Pre-Authentication Data:
    14:02:03,391 INFO  [STDOUT]      PA-DATA type = 15
    14:02:03,391 INFO  [STDOUT] AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
    14:02:03,391 INFO  [STDOUT] >>>KrbAsReq salt is TESTMITECH.LANHTTPWIN-VTUT3UQANQM.testmitech.lan
    14:02:03,391 INFO  [STDOUT] default etypes for default_tkt_enctypes:
    14:02:03,391 INFO  [STDOUT]  23
    14:02:03,392 INFO  [STDOUT] .
    14:02:03,392 INFO  [STDOUT] Pre-Authenticaton: find key for etype = 23
    14:02:03,392 INFO  [STDOUT] AS-REQ: Add PA_ENC_TIMESTAMP now
    14:02:03,393 INFO  [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
    14:02:03,397 INFO  [STDOUT] >>> KrbAsReq calling createMessage
    14:02:03,397 INFO  [STDOUT] >>> KrbAsReq in createMessage
    14:02:03,397 INFO  [STDOUT] >>> KrbKdcReq send: kdc=WIN-VTUT3UQANQM.testmitech.lan UDP:88, timeout=30000, number of retries =3, #bytes=254
    14:02:03,397 INFO  [STDOUT] >>> KDCCommunication: kdc=WIN-VTUT3UQANQM.testmitech.lan UDP:88, timeout=30000,Attempt =1, #bytes=254
    14:02:03,398 INFO  [STDOUT] >>> KrbKdcReq send: #bytes read=100
    14:02:03,398 INFO  [STDOUT] >>> KrbKdcReq send: #bytes read=100
    14:02:03,398 INFO  [STDOUT] >>> KdcAccessibility: remove WIN-VTUT3UQANQM.testmitech.lan
    14:02:03,398 INFO  [STDOUT] >>> KDCRep: init() encoding tag is 126 req type is 11
    14:02:03,399 INFO  [STDOUT] >>>KRBError:
    14:02:03,399 INFO  [STDOUT]      sTime is Fri Jan 25 14:00:36 CET 2013 1359118836000
    14:02:03,399 INFO  [STDOUT]      suSec is 547455
    14:02:03,399 INFO  [STDOUT]      error code is 52
    14:02:03,399 INFO  [STDOUT]      error Message is Response too big for UDP, retry with TCP
    14:02:03,399 INFO  [STDOUT]      realm is TESTMITECH.LAN
    14:02:03,399 INFO  [STDOUT]      sname is krbtgt/TESTMITECH.LAN
    14:02:03,399 INFO  [STDOUT]      msgType is 30
    14:02:03,399 INFO  [STDOUT] >>> KrbKdcReq send: kdc=WIN-VTUT3UQANQM.testmitech.lan TCP:88, timeout=30000, number of retries =3, #bytes=254
    14:02:03,401 INFO  [STDOUT] >>>DEBUG: TCPClient reading 1513 bytes
    14:02:03,401 INFO  [STDOUT] >>> KrbKdcReq send: #bytes read=1513
    14:02:03,401 INFO  [STDOUT] >>> KrbKdcReq send: #bytes read=1513
    14:02:03,401 INFO  [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
    14:02:03,403 INFO  [STDOUT] >>> KrbAsRep cons in KrbAsReq.getReply HTTP/WIN-VTUT3UQANQM.testmitech.lan
    14:02:03,403 INFO  [STDOUT] principal is HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN
    14:02:03,403 INFO  [STDOUT] EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E1 9C CF 75 EE 54 E0 6B   06 A5 90 7A F1 3C EF 42  ...u.T.k...z.<.B
    14:02:03,405 INFO  [STDOUT] Added server's keyKerberos Principal HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LANKey Version 0key EncryptionKey: keyType=23 keyBytes (hex dump)=
    0000: E1 9C CF 75 EE 54 E0 6B   06 A5 90 7A F1 3C EF 42  ...u.T.k...z.<.B
    14:02:03,405 INFO  [STDOUT]             [Krb5LoginModule] added Krb5Principal  HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN to Subject
    14:02:03,406 INFO  [STDOUT] Commit Succeeded
    14:02:03,419 INFO  [STDOUT]             [Krb5LoginModule]: Entering logout
    14:02:03,419 INFO  [STDOUT]             [Krb5LoginModule]: logged out Subject
    14:02:03,436 INFO  [STDOUT] Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /etc/exo.keytab refreshKrb5Config is false principal is HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN tryFirstPass is false useFirstPass is false storePass is false clearPass is false
    14:02:03,436 INFO  [STDOUT] KeyTab instance already exists
    14:02:03,436 INFO  [STDOUT] Added key: 23version: 0
    14:02:03,436 INFO  [STDOUT] Ordering keys wrt default_tkt_enctypes list
    14:02:03,436 INFO  [STDOUT] default etypes for default_tkt_enctypes:
    14:02:03,436 INFO  [STDOUT]  23
    14:02:03,436 INFO  [STDOUT] .
    14:02:03,436 INFO  [STDOUT] 0: EncryptionKey: keyType=23 kvno=0 keyValue (hex dump)=
    0000: E1 9C CF 75 EE 54 E0 6B   06 A5 90 7A F1 3C EF 42  ...u.T.k...z.<.B
    14:02:03,437 INFO  [STDOUT] principal's key obtained from the keytab
    14:02:03,437 INFO  [STDOUT] Acquire TGT using AS Exchange
    14:02:03,437 INFO  [STDOUT] default etypes for default_tkt_enctypes:
    14:02:03,437 INFO  [STDOUT]  23
    14:02:03,437 INFO  [STDOUT] .
    14:02:03,437 INFO  [STDOUT] >>> KrbAsReq calling createMessage
    14:02:03,437 INFO  [STDOUT] >>> KrbAsReq in createMessage
    14:02:03,437 INFO  [STDOUT] >>> KrbKdcReq send: kdc=WIN-VTUT3UQANQM.testmitech.lan UDP:88, timeout=30000, number of retries =3, #bytes=171
    14:02:03,437 INFO  [STDOUT] >>> KDCCommunication: kdc=WIN-VTUT3UQANQM.testmitech.lan UDP:88, timeout=30000,Attempt =1, #bytes=171
    14:02:03,439 INFO  [STDOUT] >>> KrbKdcReq send: #bytes read=185
    14:02:03,439 INFO  [STDOUT] >>> KrbKdcReq send: #bytes read=185
    14:02:03,439 INFO  [STDOUT] >>> KdcAccessibility: remove WIN-VTUT3UQANQM.testmitech.lan
    14:02:03,439 INFO  [STDOUT] >>> KDCRep: init() encoding tag is 126 req type is 11
    14:02:03,439 INFO  [STDOUT] >>>KRBError:
    14:02:03,439 INFO  [STDOUT]      sTime is Fri Jan 25 14:00:36 CET 2013 1359118836000
    14:02:03,439 INFO  [STDOUT]      suSec is 594330
    14:02:03,440 INFO  [STDOUT]      error code is 25
    14:02:03,440 INFO  [STDOUT]      error Message is Additional pre-authentication required
    14:02:03,440 INFO  [STDOUT]      realm is TESTMITECH.LAN
    14:02:03,440 INFO  [STDOUT]      sname is krbtgt/TESTMITECH.LAN
    14:02:03,440 INFO  [STDOUT]      eData provided.
    14:02:03,440 INFO  [STDOUT]      msgType is 30
    14:02:03,440 INFO  [STDOUT] >>>Pre-Authentication Data:
    14:02:03,440 INFO  [STDOUT]      PA-DATA type = 11
    14:02:03,440 INFO  [STDOUT]      PA-ETYPE-INFO etype = 23
    14:02:03,440 INFO  [STDOUT]      PA-ETYPE-INFO salt =
    14:02:03,440 INFO  [STDOUT] >>>Pre-Authentication Data:
    14:02:03,440 INFO  [STDOUT]      PA-DATA type = 19
    14:02:03,440 INFO  [STDOUT]      PA-ETYPE-INFO2 etype = 23
    14:02:03,440 INFO  [STDOUT]      PA-ETYPE-INFO2 salt = null
    14:02:03,440 INFO  [STDOUT] >>>Pre-Authentication Data:
    14:02:03,440 INFO  [STDOUT]      PA-DATA type = 2
    14:02:03,440 INFO  [STDOUT]      PA-ENC-TIMESTAMP
    14:02:03,440 INFO  [STDOUT] >>>Pre-Authentication Data:
    14:02:03,441 INFO  [STDOUT]      PA-DATA type = 16
    14:02:03,441 INFO  [STDOUT] >>>Pre-Authentication Data:
    14:02:03,441 INFO  [STDOUT]      PA-DATA type = 15
    14:02:03,441 INFO  [STDOUT] AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
    14:02:03,441 INFO  [STDOUT] >>>KrbAsReq salt is TESTMITECH.LANHTTPWIN-VTUT3UQANQM.testmitech.lan
    14:02:03,441 INFO  [STDOUT] default etypes for default_tkt_enctypes:
    14:02:03,441 INFO  [STDOUT]  23
    14:02:03,441 INFO  [STDOUT] .
    14:02:03,441 INFO  [STDOUT] Pre-Authenticaton: find key for etype = 23
    14:02:03,441 INFO  [STDOUT] AS-REQ: Add PA_ENC_TIMESTAMP now
    14:02:03,441 INFO  [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
    14:02:03,442 INFO  [STDOUT] >>> KrbAsReq calling createMessage
    14:02:03,442 INFO  [STDOUT] >>> KrbAsReq in createMessage
    14:02:03,442 INFO  [STDOUT] >>> KrbKdcReq send: kdc=WIN-VTUT3UQANQM.testmitech.lan UDP:88, timeout=30000, number of retries =3, #bytes=254
    14:02:03,442 INFO  [STDOUT] >>> KDCCommunication: kdc=WIN-VTUT3UQANQM.testmitech.lan UDP:88, timeout=30000,Attempt =1, #bytes=254
    14:02:03,443 INFO  [STDOUT] >>> KrbKdcReq send: #bytes read=100
    14:02:03,443 INFO  [STDOUT] >>> KrbKdcReq send: #bytes read=100
    14:02:03,443 INFO  [STDOUT] >>> KdcAccessibility: remove WIN-VTUT3UQANQM.testmitech.lan
    14:02:03,443 INFO  [STDOUT] >>> KDCRep: init() encoding tag is 126 req type is 11
    14:02:03,443 INFO  [STDOUT] >>>KRBError:
    14:02:03,443 INFO  [STDOUT]      sTime is Fri Jan 25 14:00:36 CET 2013 1359118836000
    14:02:03,443 INFO  [STDOUT]      suSec is 594330
    14:02:03,443 INFO  [STDOUT]      error code is 52
    14:02:03,443 INFO  [STDOUT]      error Message is Response too big for UDP, retry with TCP
    14:02:03,443 INFO  [STDOUT]      realm is TESTMITECH.LAN
    14:02:03,443 INFO  [STDOUT]      sname is krbtgt/TESTMITECH.LAN
    14:02:03,443 INFO  [STDOUT]      msgType is 30
    14:02:03,443 INFO  [STDOUT] >>> KrbKdcReq send: kdc=WIN-VTUT3UQANQM.testmitech.lan TCP:88, timeout=30000, number of retries =3, #bytes=254
    14:02:03,445 INFO  [STDOUT] >>>DEBUG: TCPClient reading 1513 bytes
    14:02:03,445 INFO  [STDOUT] >>> KrbKdcReq send: #bytes read=1513
    14:02:03,445 INFO  [STDOUT] >>> KrbKdcReq send: #bytes read=1513
    14:02:03,446 INFO  [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
    14:02:03,452 INFO  [STDOUT] >>> KrbAsRep cons in KrbAsReq.getReply HTTP/WIN-VTUT3UQANQM.testmitech.lan
    14:02:03,452 INFO  [STDOUT] principal is HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN
    14:02:03,452 INFO  [STDOUT] EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E1 9C CF 75 EE 54 E0 6B   06 A5 90 7A F1 3C EF 42  ...u.T.k...z.<.B
    14:02:03,453 INFO  [STDOUT] Added server's keyKerberos Principal HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LANKey Version 0key EncryptionKey: keyType=23 keyBytes (hex dump)=
    0000: E1 9C CF 75 EE 54 E0 6B   06 A5 90 7A F1 3C EF 42  ...u.T.k...z.<.B
    14:02:03,453 INFO  [STDOUT]             [Krb5LoginModule] added Krb5Principal  HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN to Subject
    14:02:03,453 INFO  [STDOUT] Commit Succeeded
    14:02:03,487 INFO  [STDOUT] Found key for HTTP/WIN-VTUT3UQANQM.testmitech.lan@TESTMITECH.LAN(23)
    14:02:03,488 INFO  [STDOUT] Entered Krb5Context.acceptSecContext with state=STATE_NEW
    14:02:03,490 INFO  [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
    14:02:03,492 INFO  [STDOUT] Using builtin default etypes for permitted_enctypes
    14:02:03,492 INFO  [STDOUT] default etypes for permitted_enctypes:
    14:02:03,492 INFO  [STDOUT]  3
    14:02:03,495 INFO  [STDOUT]  1
    14:02:03,495 INFO  [STDOUT]  23
    14:02:03,495 INFO  [STDOUT]  16
    14:02:03,495 INFO  [STDOUT]  17
    14:02:03,495 INFO  [STDOUT] .
    14:02:03,495 INFO  [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
    14:02:03,499 INFO  [STDOUT] >>> Config try resetting default kdc TESTMITECH.LAN
    14:02:03,499 INFO  [STDOUT] replay cache for Administrator@TESTMITECH.LAN is null.
    14:02:03,500 INFO  [STDOUT] object 0: 1359118836577/577174
    14:02:03,500 INFO  [STDOUT] object 0: 1359118836577/577174
    14:02:03,500 INFO  [STDOUT] >>> KrbApReq: authenticate succeed.
    14:02:03,501 INFO  [STDOUT] Krb5Context setting peerSeqNumber to: 2115409478
    14:02:03,502 INFO  [STDOUT] >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
    14:02:03,503 INFO  [STDOUT] Krb5Context setting mySeqNumber to: 749960489
    14:02:03,504 INFO  [STDOUT]             [Krb5LoginModule]: Entering logout
    14:02:03,504 INFO  [STDOUT]             [Krb5LoginModule]: logged out Subject

    Everything seems OK, but in the browser I get HTTP 302 errors:

    I have the impression that the SPNEGO module is never called or that it is not found?

    Here are the libraries I am using:
    - spnego-1.1.1-GA
    - sso-agent-1.3.0.Final
    - jboss-negotiation-2.0.4.GA : https://repository.jboss.org/nexus/c...n-2.0.4.GA.jar

    Would you have any idea, however small, of the why and how, please?
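
Added example, not part of the original post: a Python triage of the Krb5LoginModule/JGSS debug output quoted above. It separates the KDC errors that belong to a normal AS exchange (25, 52) from real failures and reports whether the acceptor validated the browser's ticket. The function name `triage`, the verdict labels and the condensed `SAMPLE_LOG` are assumptions made for this example.

```python
import re

# Constructed sample: a condensed subset of the log lines quoted in the post.
SAMPLE_LOG = """\
14:02:03,377 INFO  [STDOUT] >>> KeyTab: load() entry length: 85; type: 23
14:02:03,377 INFO  [STDOUT] Added key: 23version: 0
14:02:03,389 INFO  [STDOUT] >>>KRBError:
14:02:03,389 INFO  [STDOUT]      error code is 25
14:02:03,390 INFO  [STDOUT]      error Message is Additional pre-authentication required
14:02:03,399 INFO  [STDOUT] >>>KRBError:
14:02:03,399 INFO  [STDOUT]      error code is 52
14:02:03,399 INFO  [STDOUT]      error Message is Response too big for UDP, retry with TCP
14:02:03,406 INFO  [STDOUT] Commit Succeeded
14:02:03,488 INFO  [STDOUT] Entered Krb5Context.acceptSecContext with state=STATE_NEW
14:02:03,499 INFO  [STDOUT] replay cache for Administrator@TESTMITECH.LAN is null.
14:02:03,500 INFO  [STDOUT] >>> KrbApReq: authenticate succeed.
"""

# KDC error codes that are steps of a normal AS exchange; the client retries after them.
BENIGN_KDC_ERRORS = {
    25: "pre-authentication required (AS-REQ is re-sent with PA-ENC-TIMESTAMP)",
    52: "response too big for UDP (request is retried over TCP)",
}

PREFIX = re.compile(r"^\d\d:\d\d:\d\d,\d+\s+\w+\s+\[STDOUT\]\s*")
KEY = re.compile(r"Added key: (\d+)version: (\d+)")
ERR = re.compile(r"error code is (\d+)")
CLIENT = re.compile(r"replay cache for (\S+) is null")


def triage(log_text):
    """Summarise a Krb5 debug log and name the stage at which it stopped."""
    s = {"keytab_keys": [], "kdc_errors": [], "login_commits": 0,
         "accept_started": False, "ap_req_ok": False, "client": None}
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw.strip())  # drop timestamp, level and [STDOUT]
        if m := KEY.match(line):
            key = (int(m.group(1)), int(m.group(2)))  # (etype, kvno)
            if key not in s["keytab_keys"]:
                s["keytab_keys"].append(key)
        elif m := ERR.match(line):
            s["kdc_errors"].append(int(m.group(1)))
        elif line == "Commit Succeeded":
            s["login_commits"] += 1  # service principal logged in from the keytab
        elif line.startswith("Entered Krb5Context.acceptSecContext"):
            s["accept_started"] = True  # a client token reached the acceptor
        elif m := CLIENT.match(line):
            s["client"] = m.group(1)
        elif "KrbApReq: authenticate succeed" in line:
            s["ap_req_ok"] = True  # the client's service ticket was validated

    fatal = [c for c in s["kdc_errors"] if c not in BENIGN_KDC_ERRORS]
    if fatal:
        s["verdict"] = "kdc-error"             # an error the client does not retry
    elif s["login_commits"] == 0:
        s["verdict"] = "service-login-failed"  # keytab login never committed
    elif not s["accept_started"]:
        s["verdict"] = "no-client-token"       # acceptor never processed a token
    elif not s["ap_req_ok"]:
        s["verdict"] = "ticket-rejected"       # token received but not validated
    else:
        s["verdict"] = "kerberos-ok"           # failure is after the GSS layer
    return s


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

Run on the full log from the post, the verdict is `kerberos-ok`: the service ticket for `Administrator@TESTMITECH.LAN` was accepted, so the 302 loop has to be looked for in the servlet filters and login modules that run after the GSS layer.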

  2. #2
    Experienced member
    Joined: August 2007
    Posts: 56
    I finally solved the problem by using a different library version for spnego and sso-agent: 1.1.0.GA.

This thread is resolved.
