SPNEGO - JAAS with KerberosLoginModule

Hi!

I'm trying to configure single sign-on using WebLogic-IIS and Active Directory.

I have configured everything as it's written, and enabled every possible debug option. The following is the result.

Could anyone help me?

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <PrincipalAuthenticator.assertIdentity - Token Type: Authorization>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: b is 130>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: num octets is 2>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: len is 1219>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: SPNEGO static oid0: 0606 2b06 0105 0502..+.....

>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: SPNEGO in oid0: 0606 2b06 0105 0502..+.....

>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: Neg token found>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: b is 130>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: num octets is 2>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: len is 1207>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: len of neg token 1207>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: sequence found>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: b is 130>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: num octets is 2>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: len is 1203>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: len of sequence token 1203>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: choice is 160>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: b is 36>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: len is 36>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: len of mech type 36>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: b is 34>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: len is 34>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: len of mech type seq 34>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: mech type offset 24>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <mech type token16: 0609 2a86 4882 f712..*.H...

32: 0102 0206 092a 8648 86f7 1201 0202 060a.....*.H........

48: 2b06 0104 0182 3702 020a+.....7...

>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: Mech list oid 1.2.840.48018.1.2.2>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: Mech list oid 1.2.840.113554.1.2.2>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: Mech list oid 1.3.6.1.4.1.311.2.2.10>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: b is 130>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: num octets is 2>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: len is 1161>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: Mech token len 1161>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: b is 130>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: num octets is 2>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.getLengthDER: len is 1157>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <SPNEGONegotiateToken.discriminate: Mech token

>

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>

Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null KeyTab is mykeytab refreshKrb5Config is false principal is hostname@MY.HOST.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false

>>> KeyTab: load() entry length: 50

>>> KeyTabInputStream, readName(): MY.HOST.COM

>>> KeyTabInputStream, readName(): hostname

>>> KeyTab: load() entry length: 56

>>> KeyTabInputStream, readName(): MY.HOST.COM

>>> KeyTabInputStream, readName(): host

>>> KeyTabInputStream, readName(): hostname

>>> KeyTab: load() entry length: 56

>>> KeyTabInputStream, readName(): MY.HOST.COM

>>> KeyTabInputStream, readName(): HTTP

>>> KeyTabInputStream, readName(): hostname

principal's key obtained from the keytab

principal is hostname@MY.HOST.HU

>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType

>>> KrbAsReq calling createMessage

>>> KrbAsReq in createMessage

>>> KrbAsReq etypes are: 3 1

>>> KrbKdcReq send: kdc=ADSERVER.MYHOST.COM UDP:88, timeout=30000, number of retries =3, #bytes=234

>>> KDCCommunication: kdc=ADSERVER.MYHOST.COM UDP:88, timeout=30000,Attempt =1, #bytes=234

>>> KrbKdcReq send: #bytes read=199

>>> KrbKdcReq send: #bytes read=199

>>> KDCRep: init() encoding tag is 126 req type is 11

>>>KRBError:

sTime is Wed Jul 06 16:35:40 CEST 2005 1120660540000

suSec is 309124

error code is 24

error Message is Pre-authentication information was invalid

realm is MY.HOST.COM

sname is krbtgt/MY.HOST.COM

eData provided.

[Krb5LoginModule] authentication failed

Pre-authentication information was invalid (24)

<06-Jul-2005 16:34:50 o'clock CEST> <Debug> <SecurityDebug> <000000> <GSS exception GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Lsun.security.jgss.krb5.Krb5NameElement;)Ljavax.security.auth.kerberos.KerberosKey;(Krb5AcceptCredential.java:189)

at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Lsun.security.jgss.krb5.Krb5NameElement;)Lsun.security.jgss.krb5.Krb5AcceptCredential;(Krb5AcceptCredential.java:80)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Lsun.security.jgss.spi.GSSNameSpi;III)Lsun.security.jgss.spi.GSSCredentialSpi;(Krb5MechFactory.java:75)

at sun.security.jgss.GSSManagerImpl.getCredentialElement(Lsun.security.jgss.spi.GSSNameSpi;IILorg.ietf.jgss.Oid;I)Lsun.security.jgss.spi.GSSCredentialSpi;(GSSManagerImpl.java:149)

at sun.security.jgss.GSSCredentialImpl.add(Lorg.ietf.jgss.GSSName;IILorg.ietf.jgss.Oid;I)V(GSSCredentialImpl.java:334)

at sun.security.jgss.GSSCredentialImpl.<init>(Lsun.security.jgss.GSSManagerImpl;Lorg.ietf.jgss.GSSName;ILorg.ietf.jgss.Oid;I)V(GSSCredentialImpl.java:44)

at sun.security.jgss.GSSManagerImpl.createCredential(Lorg.ietf.jgss.GSSName;ILorg.ietf.jgss.Oid;I)Lorg.ietf.jgss.GSSCredential;(GSSManagerImpl.java:102)

at sun.security.jgss.GSSContextImpl.acceptSecContext(Ljava.io.InputStream;Ljava.io.OutputStream;)V(GSSContextImpl.java:277)

at sun.security.jgss.GSSContextImpl.acceptSecContext([BII)[B(GSSContextImpl.java:246)

at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername()Ljava.lang.String;(SPNEGONegotiateToken.java:371)

at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(Ljava.lang.String;Ljava.lang.Object;)Ljavax.security.auth.callback.CallbackHandler;(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)

at weblogic.security.service.PrincipalAuthenticator.assertIdentity(Ljava.lang.String;Ljava.lang.Object;)Lweblogic.security.acl.internal.AuthenticatedSubject;(PrincipalAuthenticator.java:553)

at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;Lweblogic.security.acl.internal.AuthenticatedSubject;)Z(CertSecurityModule.java:104)

at weblogic.servlet.security.internal.SecurityModule.beginCheck(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)Z(SecurityModule.java:199)

at weblogic.servlet.security.internal.CertSecurityModule.checkA(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)Z(CertSecurityModule.java:86)

at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(Lweblogic.servlet.internal.ServletRequestImpl;Lweblogic.servlet.internal.ServletResponseImpl;)Z(ServletSecurityManager.java:145)

at weblogic.servlet.internal.WebAppServletContext.invokeServlet(Lweblogic.servlet.internal.ServletRequestImpl;Lweblogic.servlet.internal.ServletResponseImpl;)V(WebAppServletContext.java:3685)

at weblogic.servlet.internal.ServletRequestImpl.execute(Lweblogic.kernel.ExecuteThread;)V(ServletRequestImpl.java:2644)

at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:219)

at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:178)

at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)

Caused by: javax.security.auth.login.LoginException: Pre-authentication information was invalid (24)

at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Z)V(Krb5LoginModule.java:585)

at com.sun.security.auth.module.Krb5LoginModule.login()Z(Krb5LoginModule.java:475)

at jrockit.reflect.NativeMethodInvoker.invoke0(Ljava.lang.Object;ILjava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)

at jrockit.reflect.NativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)

at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)

at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)

at javax.security.auth.login.LoginContext.invoke(Ljava.lang.String;)V(LoginContext.java:675)

at javax.security.auth.login.LoginContext.access$000(Ljavax.security.auth.login.LoginContext;Ljava.lang.String;)V(LoginContext.java:129)

at javax.security.auth.login.LoginContext$4.run()Ljava.lang.Object;(LoginContext.java:610)

at jrockit.vm.AccessController.do_privileged_exc(Ljava.security.PrivilegedExceptionAction;Ljava.security.AccessControlContext;I)Ljava.lang.Object;(Unknown Source)

at jrockit.vm.AccessController.doPrivileged(Ljava.security.PrivilegedExceptionAction;)Ljava.lang.Object;(Unknown Source)

at javax.security.auth.login.LoginContext.invokeModule(Ljava.lang.String;)V(LoginContext.java:607)

at javax.security.auth.login.LoginContext.login()V(LoginContext.java:534)

at sun.security.jgss.LoginUtility.run()Ljava.lang.Object;(LoginUtility.java:57)

at jrockit.vm.AccessController.do_privileged_exc(Ljava.security.PrivilegedExceptionAction;Ljava.security.AccessControlContext;I)Ljava.lang.Object;(Unknown Source)

at jrockit.vm.AccessController.doPrivileged(Ljava.security.PrivilegedExceptionAction;)Ljava.lang.Object;(Unknown Source)

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Lsun.security.jgss.krb5.Krb5NameElement;)Ljavax.security.auth.kerberos.KerberosKey;(Krb5AcceptCredential.java:186)

at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Lsun.security.jgss.krb5.Krb5NameElement;)Lsun.security.jgss.krb5.Krb5AcceptCredential;(Krb5AcceptCredential.java:80)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Lsun.security.jgss.spi.GSSNameSpi;III)Lsun.security.jgss.spi.GSSCredentialSpi;(Krb5MechFactory.java:75)

at sun.security.jgss.GSSManagerImpl.getCredentialElement(Lsun.security.jgss.spi.GSSNameSpi;IILorg.ietf.jgss.Oid;I)Lsun.security.jgss.spi.GSSCredentialSpi;(GSSManagerImpl.java:149)

at sun.security.jgss.GSSCredentialImpl.add(Lorg.ietf.jgss.GSSName;IILorg.ietf.jgss.Oid;I)V(GSSCredentialImpl.java:334)

at sun.security.jgss.GSSCredentialImpl.<init>(Lsun.security.jgss.GSSManagerImpl;Lorg.ietf.jgss.GSSName;ILorg.ietf.jgss.Oid;I)V(GSSCredentialImpl.java:44)

at sun.security.jgss.GSSManagerImpl.createCredential(Lorg.ietf.jgss.GSSName;ILorg.ietf.jgss.Oid;I)Lorg.ietf.jgss.GSSCredential;(GSSManagerImpl.java:102)

at sun.security.jgss.GSSContextImpl.acceptSecContext(Ljava.io.InputStream;Ljava.io.OutputStream;)V(GSSContextImpl.java:277)

at sun.security.jgss.GSSContextImpl.acceptSecContext([BII)[B(GSSContextImpl.java:246)

at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername()Ljava.lang.String;(SPNEGONegotiateToken.java:371)

at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(Ljava.lang.String;Ljava.lang.Object;)Ljavax.security.auth.callback.CallbackHandler;(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)

at weblogic.security.service.PrincipalAuthenticator.assertIdentity(Ljava.lang.String;Ljava.lang.Object;)Lweblogic.security.acl.internal.AuthenticatedSubject;(PrincipalAuthenticator.java:553)

at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;Lweblogic.security.acl.internal.AuthenticatedSubject;)Z(CertSecurityModule.java:104)

at weblogic.servlet.security.internal.SecurityModule.beginCheck(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)Z(SecurityModule.java:199)

at weblogic.servlet.security.internal.CertSecurityModule.checkA(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)Z(CertSecurityModule.java:86)

at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(Lweblogic.servlet.internal.ServletRequestImpl;Lweblogic.servlet.internal.ServletResponseImpl;)Z(ServletSecurityManager.java:145)

Caused by: KrbException: Pre-authentication information was invalid (24)

at sun.security.krb5.KrbAsRep.<init>([BLsun.security.krb5.EncryptionKey;Lsun.security.krb5.KrbAsReq;)V(DashoA6275:67)

at sun.security.krb5.KrbAsReq.getReply(Lsun.security.krb5.EncryptionKey;)Lsun.security.krb5.KrbAsRep;(DashoA6275:315)

at sun.security.krb5.Credentials.acquireTGT(Lsun.security.krb5.PrincipalName;Lsun.security.krb5.EncryptionKey;)Lsun.security.krb5.Credentials;(DashoA6275:352)

at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Z)V(Krb5LoginModule.java:576)

at com.sun.security.auth.module.Krb5LoginModule.login()Z(Krb5LoginModule.java:475)

at jrockit.reflect.NativeMethodInvoker.invoke0(Ljava.lang.Object;ILjava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)

at jrockit.reflect.NativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)

at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)

at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)

at javax.security.auth.login.LoginContext.invoke(Ljava.lang.String;)V(LoginContext.java:675)

at javax.security.auth.login.LoginContext.access$000(Ljavax.security.auth.login.LoginContext;Ljava.lang.String;)V(LoginContext.java:129)

at javax.security.auth.login.LoginContext$4.run()Ljava.lang.Object;(LoginContext.java:610)

at jrockit.vm.AccessController.do_privileged_exc(Ljava.security.PrivilegedExceptionAction;Ljava.security.AccessControlContext;I)Ljava.lang.Object;(Unknown Source)

at jrockit.vm.AccessController.doPrivileged(Ljava.security.PrivilegedExceptionAction;)Ljava.lang.Object;(Unknown Source)

at javax.security.auth.login.LoginContext.invokeModule(Ljava.lang.String;)V(LoginContext.java:607)

at javax.security.auth.login.LoginContext.login()V(LoginContext.java:534)

at sun.security.jgss.LoginUtility.run()Ljava.lang.Object;(LoginUtility.java:57)

at jrockit.vm.AccessController.do_privileged_exc(Ljava.security.PrivilegedExceptionAction;Ljava.security.AccessControlContext;I)Ljava.lang.Object;(Unknown Source)

at jrockit.vm.AccessController.doPrivileged(Ljava.security.PrivilegedExceptionAction;)Ljava.lang.Object;(Unknown Source)

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Lsun.security.jgss.krb5.Krb5NameElement;)Ljavax.security.auth.kerberos.KerberosKey;(Krb5AcceptCredential.java:186)

at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Lsun.security.jgss.krb5.Krb5NameElement;)Lsun.security.jgss.krb5.Krb5AcceptCredential;(Krb5AcceptCredential.java:80)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Lsun.security.jgss.spi.GSSNameSpi;III)Lsun.security.jgss.spi.GSSCredentialSpi;(Krb5MechFactory.java:75)

at sun.security.jgss.GSSManagerImpl.getCredentialElement(Lsun.security.jgss.spi.GSSNameSpi;IILorg.ietf.jgss.Oid;I)Lsun.security.jgss.spi.GSSCredentialSpi;(GSSManagerImpl.java:149)

at sun.security.jgss.GSSCredentialImpl.add(Lorg.ietf.jgss.GSSName;IILorg.ietf.jgss.Oid;I)V(GSSCredentialImpl.java:334)

at sun.security.jgss.GSSCredentialImpl.<init>(Lsun.security.jgss.GSSManagerImpl;Lorg.ietf.jgss.GSSName;ILorg.ietf.jgss.Oid;I)V(GSSCredentialImpl.java:44)

at sun.security.jgss.GSSManagerImpl.createCredential(Lorg.ietf.jgss.GSSName;ILorg.ietf.jgss.Oid;I)Lorg.ietf.jgss.GSSCredential;(GSSManagerImpl.java:102)

at sun.security.jgss.GSSContextImpl.acceptSecContext(Ljava.io.InputStream;Ljava.io.OutputStream;)V(GSSContextImpl.java:277)

at sun.security.jgss.GSSContextImpl.acceptSecContext([BII)[B(GSSContextImpl.java:246)

at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername()Ljava.lang.String;(SPNEGONegotiateToken.java:371)

at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(Ljava.lang.String;Ljava.lang.Object;)Ljavax.security.auth.callback.CallbackHandler;(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)

at weblogic.security.service.PrincipalAuthenticator.assertIdentity(Ljava.lang.String;Ljava.lang.Object;)Lweblogic.security.acl.internal.AuthenticatedSubject;(PrincipalAuthenticator.java:553)

at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;Lweblogic.security.acl.internal.AuthenticatedSubject;)Z(CertSecurityModule.java:104)

Caused by: KrbException: Identifier doesn't match expected value (906)

at sun.security.krb5.internal.af.a(Lsun.security.util.DerValue;I)V(DashoA6275:134)

at sun.security.krb5.internal.at.a(Lsun.security.util.DerValue;)V(DashoA6275:63)

at sun.security.krb5.internal.at.<init>(Lsun.security.util.DerValue;)V(DashoA6275:58)

at sun.security.krb5.KrbAsRep.<init>([BLsun.security.krb5.EncryptionKey;Lsun.security.krb5.KrbAsReq;)V(DashoA6275:53)

at sun.security.krb5.KrbAsReq.getReply(Lsun.security.krb5.EncryptionKey;)Lsun.security.krb5.KrbAsRep;(DashoA6275:315)

at sun.security.krb5.Credentials.acquireTGT(Lsun.security.krb5.PrincipalName;Lsun.security.krb5.EncryptionKey;)Lsun.security.krb5.Credentials;(DashoA6275:352)

at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Z)V(Krb5LoginModule.java:576)

at com.sun.security.auth.module.Krb5LoginModule.login()Z(Krb5LoginModule.java:475)

at jrockit.reflect.NativeMethodInvoker.invoke0(Ljava.lang.Object;ILjava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)

at jrockit.reflect.NativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)

at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)

at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)

at javax.security.auth.login.LoginContext.invoke(Ljava.lang.String;)V(LoginContext.java:675)

at javax.security.auth.login.LoginContext.access$000(Ljavax.security.auth.login.LoginContext;Ljava.lang.String;)V(LoginContext.java:129)

at javax.security.auth.login.LoginContext$4.run()Ljava.lang.Object;(LoginContext.java:610)

at jrockit.vm.AccessController.do_privileged_exc(Ljava.security.PrivilegedExceptionAction;Ljava.security.AccessControlContext;I)Ljava.lang.Object;(Unknown Source)

at jrockit.vm.AccessController.doPrivileged(Ljava.security.PrivilegedExceptionAction;)Ljava.lang.Object;(Unknown Source)

at javax.security.auth.login.LoginContext.invokeModule(Ljava.lang.String;)V(LoginContext.java:607)

at javax.security.auth.login.LoginContext.login()V(LoginContext.java:534)

at sun.security.jgss.LoginUtility.run()Ljava.lang.Object;(LoginUtility.java:57)

at jrockit.vm.AccessController.do_privileged_exc(Ljava.security.PrivilegedExceptionAction;Ljava.security.AccessControlContext;I)Ljava.lang.Object;(Unknown Source)

at jrockit.vm.AccessController.doPrivileged(Ljava.security.PrivilegedExceptionAction;)Ljava.lang.Object;(Unknown Source)

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Lsun.security.jgss.krb5.Krb5NameElement;)Ljavax.security.auth.kerberos.KerberosKey;(Krb5AcceptCredential.java:186)

at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Lsun.security.jgss.krb5.Krb5NameElement;)Lsun.security.jgss.krb5.Krb5AcceptCredential;(Krb5AcceptCredential.java:80)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Lsun.security.jgss.spi.GSSNameSpi;III)Lsun.security.jgss.spi.GSSCredentialSpi;(Krb5MechFactory.java:75)

at sun.security.jgss.GSSManagerImpl.getCredentialElement(Lsun.security.jgss.spi.GSSNameSpi;IILorg.ietf.jgss.Oid;I)Lsun.security.jgss.spi.GSSCredentialSpi;(GSSManagerImpl.java:149)

at sun.security.jgss.GSSCredentialImpl.add(Lorg.ietf.jgss.GSSName;IILorg.ietf.jgss.Oid;I)V(GSSCredentialImpl.java:334)

at sun.security.jgss.GSSCredentialImpl.<init>(Lsun.security.jgss.GSSManagerImpl;Lorg.ietf.jgss.GSSName;ILorg.ietf.jgss.Oid;I)V(GSSCredentialImpl.java:44)

at sun.security.jgss.GSSManagerImpl.createCredential(Lorg.ietf.jgss.GSSName;ILorg.ietf.jgss.Oid;I)Lorg.ietf.jgss.GSSCredential;(GSSManagerImpl.java:102)

at sun.security.jgss.GSSContextImpl.acceptSecContext(Ljava.io.InputStream;Ljava.io.OutputStream;)V(GSSContextImpl.java:277)

at sun.security.jgss.GSSContextImpl.acceptSecContext([BII)[B(GSSContextImpl.java:246)

at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername()Ljava.lang.String;(SPNEGONegotiateToken.java:371)

>

[30673 byte] By [palfusa] at [2007-10-1 17:54:12]
# 1

I did some more exploration, and switching on useTicketCache ended up in Null Server Key. Could this be the problem? If so, what action should be taken?

Thanks in advance for every tip.

<07-Jul-2005 09:13:13 o'clock CEST> <Debug> <SecurityDebug> <000000> <Found Negotiate with SPNEGO token>

Debug is true storeKey true useTicketCache true useKeyTab true doNotPrompt false ticketCache is null KeyTab is mykeytab refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false

>>>KinitOptions cache name is /tmp/krb5cc_501

>>>DEBUG <CCacheInputStream> client principal is hostname@MY.HOST.COM

>>>DEBUG <CCacheInputStream> server principal is krbtgt/MY.HOST.COM@MY.HOST.COM

>>>DEBUG <CCacheInputStream> key type: 3

>>>DEBUG <CCacheInputStream> auth time: Wed Jul 06 07:34:41 CEST 2005

>>>DEBUG <CCacheInputStream> start time: Wed Jul 06 07:34:37 CEST 2005

>>>DEBUG <CCacheInputStream> end time: Wed Jul 06 17:34:41 CEST 2005

>>>DEBUG <CCacheInputStream> renew_till time: Thu Jul 07 07:34:37 CEST 2005

>>> CCacheInputStream: readFlags() RENEWABLE; INITIAL; PRE_AUTH;

>>>DEBUG <CCacheInputStream>

Principal is hostname@MY.HOST.COM

<07-Jul-2005 09:13:13 o'clock CEST> <Debug> <SecurityDebug> <000000> <GSS exception GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Lsun.security.jgss.krb5.Krb5NameElement;)Ljavax.security.auth.kerberos.KerberosKey;(Krb5AcceptCredential.java:189)

at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Lsun.security.jgss.krb5.Krb5NameElement;)Lsun.security.jgss.krb5.Krb5AcceptCredential;(Krb5AcceptCredential.java:80)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Lsun.security.jgss.spi.GSSNameSpi;III)Lsun.security.jgss.spi.GSSCredentialSpi;(Krb5MechFactory.java:75)

at sun.security.jgss.GSSManagerImpl.getCredentialElement(Lsun.security.jgss.spi.GSSNameSpi;IILorg.ietf.jgss.Oid;I)Lsun.security.jgss.spi.GSSCredentialSpi;(GSSManagerImpl.java:149)

at sun.security.jgss.GSSCredentialImpl.add(Lorg.ietf.jgss.GSSName;IILorg.ietf.jgss.Oid;I)V(GSSCredentialImpl.java:334)

at sun.security.jgss.GSSCredentialImpl.<init>(Lsun.security.jgss.GSSManagerImpl;Lorg.ietf.jgss.GSSName;ILorg.ietf.jgss.Oid;I)V(GSSCredentialImpl.java:44)

at sun.security.jgss.GSSManagerImpl.createCredential(Lorg.ietf.jgss.GSSName;ILorg.ietf.jgss.Oid;I)Lorg.ietf.jgss.GSSCredential;(GSSManagerImpl.java:102)

at sun.security.jgss.GSSContextImpl.acceptSecContext(Ljava.io.InputStream;Ljava.io.OutputStream;)V(GSSContextImpl.java:277)

at sun.security.jgss.GSSContextImpl.acceptSecContext([BII)[B(GSSContextImpl.java:246)

at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername()Ljava.lang.String;(SPNEGONegotiateToken.java:371)

at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(Ljava.lang.String;Ljava.lang.Object;)Ljavax.security.auth.callback.CallbackHandler;(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)

at weblogic.security.service.PrincipalAuthenticator.assertIdentity(Ljava.lang.String;Ljava.lang.Object;)Lweblogic.security.acl.internal.AuthenticatedSubject;(PrincipalAuthenticator.java:553)

at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;Lweblogic.security.acl.internal.AuthenticatedSubject;)Z(CertSecurityModule.java:104)

at weblogic.servlet.security.internal.SecurityModule.beginCheck(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)Z(SecurityModule.java:199)

at weblogic.servlet.security.internal.CertSecurityModule.checkA(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)Z(CertSecurityModule.java:86)

at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(Lweblogic.servlet.internal.ServletRequestImpl;Lweblogic.servlet.internal.ServletResponseImpl;)Z(ServletSecurityManager.java:145)

at weblogic.servlet.internal.WebAppServletContext.invokeServlet(Lweblogic.servlet.internal.ServletRequestImpl;Lweblogic.servlet.internal.ServletResponseImpl;)V(WebAppServletContext.java:3685)

at weblogic.servlet.internal.ServletRequestImpl.execute(Lweblogic.kernel.ExecuteThread;)V(ServletRequestImpl.java:2644)

at weblogic.kernel.ExecuteThread.execute(Lweblogic.kernel.ExecuteRequest;)V(ExecuteThread.java:219)

at weblogic.kernel.ExecuteThread.run()V(ExecuteThread.java:178)

at java.lang.Thread.startThreadFromVM(Ljava.lang.Thread;)V(Unknown Source)

Caused by: javax.security.auth.login.LoginException: Null Server Key

at com.sun.security.auth.module.Krb5LoginModule.commit()Z(Krb5LoginModule.java:816)

at jrockit.reflect.NativeMethodInvoker.invoke0(Ljava.lang.Object;ILjava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)

at jrockit.reflect.NativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)

at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)

at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)

at javax.security.auth.login.LoginContext.invoke(Ljava.lang.String;)V(LoginContext.java:675)

at javax.security.auth.login.LoginContext.access$000(Ljavax.security.auth.login.LoginContext;Ljava.lang.String;)V(LoginContext.java:129)

at javax.security.auth.login.LoginContext$4.run()Ljava.lang.Object;(LoginContext.java:610)

at jrockit.vm.AccessController.do_privileged_exc(Ljava.security.PrivilegedExceptionAction;Ljava.security.AccessControlContext;I)Ljava.lang.Object;(Unknown Source)

at jrockit.vm.AccessController.doPrivileged(Ljava.security.PrivilegedExceptionAction;)Ljava.lang.Object;(Unknown Source)

at javax.security.auth.login.LoginContext.invokeModule(Ljava.lang.String;)V(LoginContext.java:607)

at javax.security.auth.login.LoginContext.login()V(LoginContext.java:535)

at sun.security.jgss.LoginUtility.run()Ljava.lang.Object;(LoginUtility.java:57)

at jrockit.vm.AccessController.do_privileged_exc(Ljava.security.PrivilegedExceptionAction;Ljava.security.AccessControlContext;I)Ljava.lang.Object;(Unknown Source)

at jrockit.vm.AccessController.doPrivileged(Ljava.security.PrivilegedExceptionAction;)Ljava.lang.Object;(Unknown Source)

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Lsun.security.jgss.krb5.Krb5NameElement;)Ljavax.security.auth.kerberos.KerberosKey;(Krb5AcceptCredential.java:186)

at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Lsun.security.jgss.krb5.Krb5NameElement;)Lsun.security.jgss.krb5.Krb5AcceptCredential;(Krb5AcceptCredential.java:80)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Lsun.security.jgss.spi.GSSNameSpi;III)Lsun.security.jgss.spi.GSSCredentialSpi;(Krb5MechFactory.java:75)

at sun.security.jgss.GSSManagerImpl.getCredentialElement(Lsun.security.jgss.spi.GSSNameSpi;IILorg.ietf.jgss.Oid;I)Lsun.security.jgss.spi.GSSCredentialSpi;(GSSManagerImpl.java:149)

at sun.security.jgss.GSSCredentialImpl.add(Lorg.ietf.jgss.GSSName;IILorg.ietf.jgss.Oid;I)V(GSSCredentialImpl.java:334)

at sun.security.jgss.GSSCredentialImpl.<init>(Lsun.security.jgss.GSSManagerImpl;Lorg.ietf.jgss.GSSName;ILorg.ietf.jgss.Oid;I)V(GSSCredentialImpl.java:44)

at sun.security.jgss.GSSManagerImpl.createCredential(Lorg.ietf.jgss.GSSName;ILorg.ietf.jgss.Oid;I)Lorg.ietf.jgss.GSSCredential;(GSSManagerImpl.java:102)

at sun.security.jgss.GSSContextImpl.acceptSecContext(Ljava.io.InputStream;Ljava.io.OutputStream;)V(GSSContextImpl.java:277)

at sun.security.jgss.GSSContextImpl.acceptSecContext([BII)[B(GSSContextImpl.java:246)

at weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername()Ljava.lang.String;(SPNEGONegotiateToken.java:371)

at weblogic.security.providers.authentication.SinglePassNegotiateIdentityAsserterProviderImpl.assertIdentity(Ljava.lang.String;Ljava.lang.Object;)Ljavax.security.auth.callback.CallbackHandler;(SinglePassNegotiateIdentityAsserterProviderImpl.java:201)

at weblogic.security.service.PrincipalAuthenticator.assertIdentity(Ljava.lang.String;Ljava.lang.Object;)Lweblogic.security.acl.internal.AuthenticatedSubject;(PrincipalAuthenticator.java:553)

at weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;Lweblogic.security.acl.internal.AuthenticatedSubject;)Z(CertSecurityModule.java:104)

at weblogic.servlet.security.internal.SecurityModule.beginCheck(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)Z(SecurityModule.java:199)

at weblogic.servlet.security.internal.CertSecurityModule.checkA(Ljavax.servlet.http.HttpServletRequest;Ljavax.servlet.http.HttpServletResponse;)Z(CertSecurityModule.java:86)

at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(Lweblogic.servlet.internal.ServletRequestImpl;Lweblogic.servlet.internal.ServletResponseImpl;)Z(ServletSecurityManager.java:145)

at weblogic.servlet.internal.WebAppServletContext.invokeServlet(Lweblogic.servlet.internal.ServletRequestImpl;Lweblogic.servlet.internal.ServletResponseImpl;)V(WebAppServletContext.java:3685)

>

palfusa at 2007-7-11 12:27:01 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 2

As for the issue with "Null Key" in TGT, here are the details:-

Microsoft has added a new feature in which they no longer export the session keys for Ticket-Granting Tickets (TGTs). As a result, the native TGT obtained on Windows has an "empty" session key and null EType. The affected platforms include: Windows Server 2003, Windows 2000 Server Service Pack 4 (SP4) and Windows XP SP2.

SOLUTION: You need to update the Windows registry to disable this new feature. The registry key "allowtgtsessionkey" should be added--and set correctly--to allow session keys to be sent in the Kerberos Ticket-Granting Ticket.

On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Value Name: allowtgtsessionkey

Value Type: REG_DWORD

Value: 0x01

On Windows XP SP2, here is the location of the registry setting:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\

On the next issue, the error "Pre-authentication failed" could be due to incorrect principal used, or incorrect key in keytab. When using SPNEGO in HTTP, the HTTP server would need to use the principal name of the form of "HTTP/<hostname>".

Sun's implementation of Java GSS/Kerberos now supports SPNEGO mechanism. We have also added support for HTTP authentication using SPNEGO, which is available from J2SE 6.0 onwards.

For any further questions, you can contact us via:

java-security@sun.com

Seema

Seema-1a at 2007-7-11 12:27:01
# 3

Thank you very much for your reply.

Our error "Pre-authentication failed" had been solved by a password reset on our AD server.

It was interesting that the unix command kinit (from RedHat krb-workstation package) ran without an error, but kinit from jdk1.4.2_05 gave the same error as above (906). After the password reset everything goes as expected.

Again, thank you for your reply,

Miklos

palfusa at 2007-7-11 12:27:01
# 4

KrbException: Pre-authentication information was invalid (24)

and the fact that it worked with Unix, and worked after a password change would indicate that this is a Java failure to do the pre-auth correctly. Java is assuming it knows the "salt" which is derived from the principal name. But if the user account had been renamed or moved from one realm to another, the "salt" would be the old principal name, not the new principal name. The KDC will return the "salt" with a krb5_error, but Java is not asking the KDC correctly.

Doug_Engerta at 2007-7-11 12:27:01
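
The salt mismatch described in reply # 4, modelled as an added example; it is not code from the thread or from the JDK. The realm, account names and password are constructed, and PBKDF2-HMAC-SHA1 (the first stage of the RFC 3962 AES string-to-key) stands in for whichever enctype's string-to-key is actually in use.

```python
import hashlib
import hmac
from dataclasses import dataclass

ITERATIONS = 4096  # default iteration count in RFC 3962


def default_salt(realm: str, principal: str) -> bytes:
    """RFC 4120 default salt: realm, then the name components, no separators."""
    return (realm + "".join(principal.split("/"))).encode("utf-8")


def string_to_key(password: str, salt: bytes) -> bytes:
    """Stand-in key derivation (assumption): PBKDF2 stage only, final DK step omitted."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, ITERATIONS, 16)


@dataclass
class KdcAccount:
    """Constructed model of one KDC database entry."""
    realm: str
    principal: str     # current name
    salt: bytes = b""  # fixed at the time the password was last set
    key: bytes = b""

    def set_password(self, password: str) -> None:
        self.salt = default_salt(self.realm, self.principal)
        self.key = string_to_key(password, self.salt)

    def rename(self, new_principal: str) -> None:
        self.principal = new_principal  # stored salt and key are not recomputed

    def preauth_ok(self, client_key: bytes) -> bool:
        # Stands in for the KDC decrypting the pre-auth timestamp with its stored key.
        return hmac.compare_digest(client_key, self.key)


def scenario() -> dict:
    pw = "constructed-password"
    acct = KdcAccount("EXAMPLE.COM", "olduser")
    acct.set_password(pw)
    acct.rename("newuser")
    # Client that assumes the salt from the current principal name.
    assumed = string_to_key(pw, default_salt(acct.realm, acct.principal))
    # Client that uses the salt the KDC returns with its error reply.
    advertised = string_to_key(pw, acct.salt)
    out = {"assumed_salt": acct.preauth_ok(assumed),
           "kdc_salt": acct.preauth_ok(advertised)}
    acct.set_password(pw)  # password reset re-derives the key under the new name
    out["assumed_salt_after_reset"] = acct.preauth_ok(assumed)
    return out
```

`scenario()` covers the three observations in the thread: the client that assumes the salt fails after a rename, the client that takes the salt from the KDC succeeds, and a password reset makes the assumed salt correct again.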