KDC response on KRP_AP_REQ
Hello,
I'm writing a client program and I'm trying to authenticate via HTTP negotiate. Server is SharePoint.
I already acquire session ticket for KDC (TGT). I also have a session ticket for the server (Fabrikam1), but when I'm trying to authenticate on the server with SPNGO token and I always get the same response KRB5KRB_AP_ERR_MODIFIED.
I have tryied to do SPNEGO by my self and I also tryied to use Vintela VSJ API. Response is always the same.
Here is my code with vintela VSJ API:
public class Spnego implements java.security.PrivilegedAction {
byte[] ap_req = {1,2,3,4};
ArrayList tArray = new ArrayList();
LoginContext tLoginContext;
BeanCallbackHandler beanCallbackHandler;
//String clientName = "administrator";
String clientName = "LuisB";
public Spnego() {
beanCallbackHandler = new BeanCallbackHandler(clientName, "P@ssw0rd");
System.setProperty("java.security.krb5.realm", "FABRIKAM.COM");
System.setProperty("java.security.krb5.kdc", "10.15.1.244");
System.setProperty("java.security.auth.login.config", "login.conf");
}
public static void main(String[] args)
throws IOException
{
Spnego tspnego = new Spnego();
tspnego.httpRequest();
tspnego.login();
}
public void httpRequest() {
try {
Socket httpReq = new Socket("10.15.1.244", 80);
Reader reader = new InputStreamReader(httpReq.getInputStream());
Writer writer = new OutputStreamWriter(httpReq.getOutputStream());
int c, counter = 0;
byte pom;
//GSSCredential cred = context.getDelegCred();
String soapMessage = "<?xml version='1.0' encoding='utf-8'?><soap:Envelope xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'><soap:Body><RestoreVersion xmlns='http://schemas.microsoft.com/sharepoint/soap/'><fileName>President.jpg</fileName><fileVersion>President.jpg</fileVersion></RestoreVersion></soap:Body></soap:Envelope>";
//String httpHeader = "POST HTTP/1.1\r\nHost: 10.15.1.244\r\nUser-Agent: Java Client\r\nContent-Length: " + soapMessage.length() + "\r\nSOAPAction: \"http://schemas.microsoft.com/sharepoint/soap/RestoreVersion\"";
String httpHeader = "GET /_vti_bin/lists.asmx HTTP/1.1\r\nHost: 10.15.1.244\r\nUser-Agent: Java Client\r\n";
writer.write(httpHeader + "\r\n");
writer.flush();
} catch(Exception e) {
e.printStackTrace();
}
}
public void login()
{
try {
tLoginContext = new LoginContext("initiate", beanCallbackHandler);
tLoginContext.login();
Subject.doAs( tLoginContext.getSubject(), this);
}
catch (Exception e) {
System.out.println( ">>>> GSSClient....Secure Context not established.." );
e.printStackTrace();
}
}
public Object run() {
try
{
Subject sub = Subject.getSubject(AccessController.getContext());
GSSManager manager = GSSManager.getInstance();
Oid krb5Mechanism = new Oid("1.2.840.113554.1.2.2");
GSSName clientPeerName = manager.createName(clientName ,GSSName.NT_USER_NAME);
GSSName serverPeerName = manager.createName("www/fabrikam1.fabrikam.com@FABRIKAM.COM", GSSName.NT_USER_NAME);
// GSSName serverPeerName = manager.createName("fabrikam1", GSSName.NT_USER_NAME);
GSSCredential peerCredentials = manager.createCredential(clientPeerName, GSSCredential.DEFAULT_LIFETIME,
krb5Mechanism,GSSCredential.INITIATE_ONLY);
GSSContext peerContext = manager.createContext(serverPeerName, krb5Mechanism,
peerCredentials, GSSContext.DEFAULT_LIFETIME);
peerContext.requestConf(false);
HttpTokenTransport trans = new HttpTokenTransport("http://10.15.1.244:8080/_vti_bin/versions.asmx");
byte[] inToken = new byte[0];
ap_req = peerContext.initSecContext(ap_req, 0, ap_req.length);
if (ap_req != null) {
inToken = trans.sendAndReceive(ap_req);
}
}//try
catch(org.ietf.jgss.GSSException ge) {
System.out.println (">>> GSSClient... GSS Exception "+ge.getMessage());
ge.printStackTrace();
}
catch(java.lang.Exception e) {
System.out.println (">>> GSSClient... Exception "+e.getMessage());
e.printStackTrace();
}//catch
return null;
}//run
}
Do you have any idea why SharePoint is always responding this way?
Thank you for any help
