kerberos « Security « Spring Q&A





1. "Defective Token Deteced" error (NTLM not Kerberos) with Kerberos/Spring Security/IE/Active Directory    stackoverflow.com

We are having trouble getting Spring Security/Kerberos/AD to work for our web app. Our diagnosis is that our AD server sending an NTLM token (we can tell as it starts with ...

2. Why spring security kerberos extension 1.0.0.M2 is not working for jdk 1.6.0_22 and above    stackoverflow.com

The spring security kerberos extension 1.0.0.M2 is working for jdk1.6.0_18 and below, but failed in new jdk 1.6.0_22 and 1.6.0_23 with the following exceptions:

Negotiate Header was invalid: Negotiate YIIHpQYGKwYBBQUCoIIHmTCCB5WgJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCB2sEggdnYIIHYwYJKoZIhvcSAQICAQBuggdSMIIHTqADAgEFoQMCAQ6iBwMFACAAAACjggZxYYIGbTCCBmmgAwIBBaEYGxZXQU0uV0VTVEVSTkFTU0VULkxPQ0FMojMwMaADAgECoSowKBsESFRUUBsgZGV2d2FyY2gxLndhbS53ZXN0ZXJuYXNzZXQubG9jYWyjggYRMIIGDaADAgEXoQMCAQ6iggX/BIIF+54nsIgnyOHTnF2nD3XHzz51k/sqBht6lMFESs+CDL2SNCiZOD0Iqee03v3aUyzDncMTkXRRw/F2HOHCv1XPoKFhKZwJDTnKkbm7DDSJFok7rsekQqCntt+DObI6umiZU7XDKP4zyMVadrqQ6psJyUfpaGpU9uRHB79voBJaKGIjeDjSU2z7ybfvoxfPckFO905tM5HXjmM2sm5GAG0gY7/qHlCau1ayH0H/Tfly0EOS1B0D6ryue+Ne6VEt7OUOk89tSQM7F3qUqOsKzwuokBWjERX+ytcnc44uVslncQvn4peWPohePWZL7fpsm4w+kdO40oYeEGhZhbpGLCeII7U51y+NxbiCvTiIuc5nnkhESNQtbrmcUmpJIsbxrjr0cdyFua8oDgEQ6LYuRMY7FHKFDIWvTSaiDIoTBbxkh9I9jHatHhHWdi4WlLo1pJe9Ge4szzDAe2uuHrIgTLjuJx8r 

3. spring-security-kerberos can't read keytab?    stackoverflow.com

I'm trying to follow this tutorial for spring-security-kerberos I have a keytab with one principal in it:

ktutil:  rkt http-web.keytab
ktutil:  l
slot KVNO Principal
---- ---- ---------------------------------------------------------------------
   1  ...

4. How can I manually test a kerberos SPI for tomcat SSO    stackoverflow.com

I'm trying to debug my spring-security-kerberos web app that runs on tomcat6 on Centos5.5 and have a service principal in a keytab that i generated on a windows 2008 AD. I would ...

5. how to make spring-ws work with kerberos    stackoverflow.com

I couldn't find information about how to make org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor work with kerberos. I probably need to configure the interceptor and also the securityPolicy.xml file in some way. Would appreciate any help! I use spring-ws 2.0.2 ...

6. Spring-security, Tomcat and SPNEGO - best approach    stackoverflow.com

I'm looking for the best approach to achieve SPNEGO/Kerberos login for a spring-security application on Tomcat and Windows. Candidates i've looked at:

7. Kerberos/Spnego plus Form Login    forum.springsource.org

Kerberos/Spnego plus Form Login Hi all, I am rather new to Spring Security (and Spring as a whole), but it looks like a great framework. So far, we have managed to ...

8. SpringSecurityFilterChain and Kerberos    forum.springsource.org

We are using SpringSecurityFilterChain as we have a number of custom filters. We would like to upgrad to spring security 3.0.5,and use kerberos. How do I specify the SpnegoEntryPoint when I ...

9. Kerberos and FireFox    forum.springsource.org

Kerberos and FireFox We have Kerberos working greate from IE. To make it work in firefox I set the value of my web app URL in this property network.negotiate-auth.trusted-uris. While this ...





10. Kerberos and Webshpere    forum.springsource.org

I would like to use Kerberos when my app is deployed on Webshpere. We have managed to make it work in JBoss how do we get it to work in the ...

11. Kerberos Failing with full domain name    forum.springsource.org

As per Mike's blog , we must specify the fully qualified domain name when accessing out application. IN our case we do have the KDC_NAME=TSTVMWIN2K8R2.MARVEL.LOCAL and the REALM=MARVEL.LOCAL set as jvm ...

12. spring-ws based client need to consume WS with WS-Security Kerberos Token    forum.springsource.org

spring-ws based client need to consume WS with WS-Security Kerberos Token Hello, in my enviroment i have web service implemented in .NET tehnology with Kerberos Token WS-Security. My task is to ...

13. Form based authentication + kerberos authentication    forum.springsource.org

Hi, In my webapp i am trying to see if i can have the user first try kerberos authentication and if it fails try form based authentication. Is this possible? if ...

14. making spring-ws work with kerberos    forum.springsource.org

Hello. I couldn't find an example of how to set up XwsSecurityInterceptor to work with kerberos. I would appreciate any help on the subject (it's pretty urgent).

15. Active directory, kerberos and all that jaas    forum.springsource.org

Anybody have a working example of the "authorityGranter" implementation for JaasAuthenticationProvider? Specifically, populating grantedAuthorities via ActiveDirectory? I can authenticate fine via Jaas/Kerberos but when I attempt to search Active Directory to ...

16. Integrated Windows Authentication using Kerberos    forum.springsource.org

Integrated Windows Authentication using Kerberos Hi all I have a requirement to implement Single Sign On (Integrated Windows Authentication) for a web application, and the sysadmins has requested that we use ...





17. LDAP authentication with Kerberos    forum.springsource.org

I need to authenticate users on an ActiveDirectory. I managed to do it with the LdapAuthenticationProvider. Now I would like to improve security and use data encryption, the AD is configured ...

18. JAAS KERBEROS GSSAPI LDAP... I'm going insane!    forum.springsource.org

JAAS KERBEROS GSSAPI LDAP... I'm going insane! Hi dudes, my first post here, so not sure if this is a -security or -ldap issue. My requirement is the following: Connect to ...

19. pre-authentication, kerberos, ldap    forum.springsource.org

Apr 21st, 2009, 11:28 AM #1 tsingh007 View Profile View Forum Posts Private Message Junior Member Join Date Apr 2009 Posts 3 pre-authentication, kerberos, ldap Hi i have a scenario in ...

20. Kerberos extension authentication with failover to DAO auth    forum.springsource.org

Kerberos extension authentication with failover to DAO auth I am using the yet-to-be-released kerberos extension; which works great so far BTW. My app has two types of users... internal and external. ...

21. How to use Spring Security Kerberos from developer machine    forum.springsource.org

How to use Spring Security Kerberos from developer machine I am new to Kerberos, having used NTLM in the past; so, I apologize if this is trivial. Based on Mike's blog, ...

22. Kerberos doesn't work for me    forum.springsource.org

Dec 25th, 2009, 02:35 AM #1 kuchumovn View Profile View Forum Posts Private Message Junior Member Join Date Jan 2009 Posts 3 Kerberos doesn't work for me Hello. I tried to ...

23. Spring Security Kerberos Extension: SPN's and keytab on AD or App server?    forum.springsource.org

Spring Security Kerberos Extension: SPN's and keytab on AD or App server? Mike, good work on this very useful extension. To clarify your proposed solution on the blog post, are you ...

24. Kerberos Extension and Multiple Authentication Providers    forum.springsource.org

Kerberos Extension and Multiple Authentication Providers I seem to have run into a neverending authentication failure loop. I have two authentication providers defined in the authentication-manager element (see below), and a ...

25. Kerberos extension Entry Point 401 error    forum.springsource.org

Kerberos extension Entry Point 401 error I have a working site using the Kerberos Spring Extension and most scenarios work perfectly with it. I have even provided a form-based alternative using ...

26. Retrieving user's AD group using Kerberos    forum.springsource.org

Hi All Am trying to implement a security policy on our app which will use the user's AD group to decide which role & access rights to grant within the app. ...

27. Kerberos Extension, ktpass & service accounts    forum.springsource.org

The keytab file is like a private key, or set of pre-authenticated credentials against the KDC. You're generating a keytab for the service principal representing the web application. Once the keytab ...

28. Spring Security Kerberos/SPNEGO Extension and java 5    forum.springsource.org

29. Kerberos server-side login    forum.springsource.org

According to SES-10 (http://jira.springframework.org/browse/SES-10), there should be a way to do server-side Kerberos. Has anyone been able to do this? I would like to use that as a fallback from regular ...

30. Kerberos Extension question/problem    forum.springsource.org

Kerberos Extension question/problem Hello, We are trying to use the Kerberos extension by following the excellent and recently released book "Spring Security 3" by Peter Mularien. However, were still confused about ...

31. Kerberos + Oracle proxy authentication    forum.springsource.org

Kerberos + Oracle proxy authentication Hello! Our main purpose is to authenticate users via kerberos and create a proxy connection with oracle database, using the data we've obtained through kerberos. Later ...

32. Kerberos extension vs. SPNEGO TAI in Websphere    forum.springsource.org

Kerberos extension vs. SPNEGO TAI in Websphere I came across the following documentation in the Websphere server: http://publib.boulder.ibm.com/infoce...onfig_tai.html It describes how to configure Websphere to use SPNEGO. On the other hand, ...

33. Negotiate/NTLMv2/Kerberos support in Waffle spring-security extension    forum.springsource.org

Negotiate/NTLMv2/Kerberos support in Waffle spring-security extension Forgive me for shameless advertising, people often ask how to do NTLM/Negotiate/Kerberos with spring-security in this forum. We've added a spring-security extension to Waffle, a ...

34. Spring Security - Kerberos - LoginException: Unable to obtain password from the user    forum.springsource.org

Spring Security - Kerberos - LoginException: Unable to obtain password from the user Hello, I have this configuration: - Windows Server 2008 R2 running on VirtualBox on another PC, I can ...

35. kerberos for springsecurity2    forum.springsource.org

may i know does spring-security-kerberos-core 1.0.0.M1 work for spring-security 2.0.4 ? if no, any kerberos library that i can integrate with my existing spring-security 2.0.4 ?

36. Kerberos extension: avoiding reauthentication in SpnegoAuthenticationProcessingFilter    forum.springsource.org

Kerberos extension: avoiding reauthentication in SpnegoAuthenticationProcessingFilter I am using the Spring Security Kerberos extension (which btw was easy to setup and use, thank you!). One problem I ran into is that ...

37. Kerberos, SSO and Machines Outside the Domain    forum.springsource.org