Questions tagged [jgss]

29 questions
12 votes, 2 answers

Windows support of native GSS-API in Java 6

From http://java.sun.com/developer/technicalArticles/J2SE/security/#3: Note: These two system properties are ignored when applications run on operating systems that do not yet support this feature, for example, MS Windows. That document is…
Thorbjørn Ravn Andersen
10 votes, 2 answers

Kerberos error: GSSHeader did not find the right tag

I’m trying to make Kerberos authentication connection to a SOAP service wsdl url. I’m able to establish connection successfully and make service calls. After I start my server, I’m able to make successful service call at least once. However after…
Pranalee
6 votes, 2 answers

GSSContext with null SrcName

I'm working on a web application with SSO based on the Windows domain login, for this purpose I have chosen to validate Kerberos tickets. But now I'm facing a problem for which I can't find a solution. I manage to validate a ticket without exceptions,…
Vartlok
5 votes, 0 answers

Can the 'default native GSS-API on Windows' in Java 12 support SSO with JAAS by using the Krb5 principal of the user executing the JVM?

Vanilla Krb5LoginModule is working, prompting for creds In my modest usage of JAAS -> JGSS -> Kerberos -> Windows thus far, I have set up a Krb5LoginModule When I do: Subject.doAs( new LoginContext(...)).login(), // subject new…
David Bullock
5 votes, 1 answer

How to obtain renewable kerberos tickets using java GSS+JAAS

I am using jTDS to connect to SQLServer. Internally jTDS uses GSS to obtain a kerberos' service ticket and establish a secure context. Since my app is long lived and my connections are kept alive the entire time I need that kerberos' service ticket…
Claudio
4 votes, 3 answers

Tomcat fails to authenticate using spnego, "Cannot locate default realm"

I'm using http://spnego.sourceforge.net/spnego_tomcat.html tutorial to try to config Tomcat to use spnego. Hello_KDC.java worked and I was able to authenticate. And if I use wrong password I get error Exception, so it's working. But when I try to…
Hikari
3 votes, 0 answers

How to mock GSSManager correctly?

I want to mock GSSManager for unit testing using Powermock. It failed when I did mockStatic(GSSManager.class) because of this error: java.lang.VerifyError: Bad return type Exception Details: Location: …
3 votes, 3 answers

Spnego Kerberos Authentication gives "Request is a replay (34)" error for Windows 7 users

I have setup Spnego authentication on my Tomcat 7 webapp. It works fine for Ubuntu 14.04 and Windows 10 users. However, all users using Chrome/Firefox/IE get the following error: GSSException: Failure unspecified at GSS-API level (Mechanism level:…
xennygrimmato
2 votes, 2 answers

Correct Kerberos principal type for a hostbased service

There are several types of Kerberos principals. A regular user principal like michael-o@COMPANY.COM would be KRB_NT_PRINCIPAL. But what about a service like HTTP/host.company.com@COMPANY.COM? There are a few possible types like…
Michael-O
2 votes, 1 answer

Kerberos and LDAP: Why does Java 6 truncate LDAP host names when using Kerberos?

My task is to connect to a Kerberized LDAP server through Java GSS API. I have a small sample app that I use to test my connection, my Kerberos configuration, connection parameters, etc, to be sure that I can connect to the LDAP server and retrieve…
2 votes, 2 answers

When using Sasl.createSaslClient with Kerberos, is it possible to modify Kerberos configuration options?

I would like to use non-default location for ticket cache. Is it possible to set this value? I checked Krb5LoginModule and it allows for such configuration, but I could not find anything related to Sasl clients. Any help with this regard will be…
Prafulla
2 votes, 0 answers

Disabling Replay Cache during context establishment in JGSS

I want to disable the replay cache during context establishment in Kerberos ( JGSS ) to avoid Request is a replay (34) exception. JGSS provides the method requestReplayDet() to be called on initiator side but this works only to detect replay of…
Cerberuz
2 votes, 1 answer

Kerberos Credential Delegation

I am trying a sample credential delegation program using GSS API on Active Directory Client and Service. On using context.requestCredDeleg(true), when I check context.getCredDelegState(), it returns true on client side before context establishment.…
Cerberuz
1 vote, 1 answer

JAAS - GSS: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)

I am trying to run JGSS' initSecContext... and fail (on Fedora 35). I ran first kinit successfully : [pascal@zbook appClientModule]$ klist Ticket cache: KCM:1000 Default principal: client@TEST.COM Valid starting Expires Service…
1 vote, 1 answer

Tomcat can't find classes on OpenJDK 11

After moving from OracleJDK 8 to OpenJDK 11, our Tomcat 8 doesn't start anymore with the following exception: Caused by: java.lang.ClassNotFoundException: org.ietf.jgss.GSSContext at…
Erik Pragt