Stack Overflow
Stack Overflow

Questions tagged [spnego]

SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) is a GSSAPI "pseudo mechanism" that is used to negotiate one of a number of possible real mechanisms.

SPNEGO (Simple and Protected GSSAPI Negotiation Mechanism) is used when a client application wants to authenticate to a remote server, but neither end is sure what authentication protocols the other supports. It is a GSSAPI "pseudo mechanism" which is used to negotiate one of a number of possible real mechanisms.

SPNEGO

It is defined in RFC 4178.

Source: SPNEGO on Wikipedia

361 questions
18
votes
9 answers

Kerberos - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC

I'm trying to setup SSO for Java WebApp using Kerberos/SpNego. I'm using: Java 1.7u67 org.springframework.security.kerberos 1.0.0.RELEASE Active Directory Tomcat 7 on Linux After overcoming the problem discribed in How to configure kerberos on…
Gunnar Kiesel
  • 783
  • 1
  • 8
  • 21
16
votes
4 answers

How do people make Java SPNEGO client work in Windows?

In order to do client-side HTTP SPNEGO authentication with Java on Windows you need to set the Windows Registry key allowtgtsessionkey. This is well documented. What I do not understand is how people get around this? Most corporate sites would…
peterh
  • 18,404
  • 12
  • 87
  • 115
15
votes
1 answer

How do I authenticate with Spnego/Kerberos and Apache's HttpClient?

How do I correctly setup a connection with HttpClient that uses the logged in user's ActiveDirectory credentials to authenticate against a website and requires Kerberos/Spnego authentication?
chris
  • 2,467
  • 2
  • 25
  • 25
14
votes
5 answers

Decrypt kerberos ticket using Spnego

I'm using spnego ( http://spnego.sourceforge.net ) for kerberos authentication under JBoss. I need to decrypt kerberos ticket to access the authorization-data which will containt PAC data. The PAC data is needed to decide which roles are to be…
Danubian Sailor
  • 1
  • 38
  • 145
  • 223
11
votes
3 answers

Kerberos broken after upgrading from Java6 to Java7

I have a working application using the spring-security kerberos extension, running on jboss, running java 6. I'm in the process of upgrading my jvm from java 6 to java 7. When I do that, using the same codebase and the same keytab that worked on…
A Ehrensberger
  • 111
  • 1
  • 5
10
votes
2 answers

checksum failed: Kerberos / Spring / Active Directory (2008)

We are having trouble getting Kerberos/AD authentication to work with a Spring webapp, and I believe the problem has to do with encryption types for the Kerberos tickets and the Active Directory domain functional level. The basic setup is: Tomcat…
slt
  • 111
  • 1
  • 1
  • 4
10
votes
2 answers

Java Kerberos authentication seems to work, still gets rejected

I've got a Java client app and a Java server app, and I'm trying to authenticate to the server via Kerberos. The client basically uses http-components and SPNEGO to make a HTTP GET call, but I always get 401 Unauthorized as a result. I can not spot…
Michael Böckling
  • 7,341
  • 6
  • 55
  • 76
9
votes
3 answers

SPNEGO (kerberos token generation/validation) for SSO using Python

I'm attempting to implement a simple Single Sign On scenario where some of the participating servers will be windows (IIS) boxes. It looks like SPNEGO is a reasonable path for this. Here's the scenario: User logs in to my SSO service using his…
Parand
  • 102,950
  • 48
  • 151
  • 186
9
votes
1 answer

Spring Boot with Spnego/Kerberos - Config Issues - A ServletContext is required to configure default servlet handling

I appear to have hit a bit of a dead-end with getting spring-security-kerberos-web to work with a Spring Boot application. I have a single @Configuration class in my project as below package com.co.dept.bsc.configuration; import…
Craig
  • 341
  • 2
  • 9
  • 18
9
votes
3 answers

Tomcat authentication using SPNEGO/Kerberos and delegation

Is there an apache module that implements Kerberos authentication for use by Tomcat and also supports Kerberos delegation? I've already looked at mod_spnego and it throws away the SSPI context it creates only keeping the principal name. Instead,…
Tony Lee
  • 5,622
  • 1
  • 28
  • 45
9
votes
1 answer

Kerberos/SPNEGO server side auth change in Java8

I'm trying to change an application from using java7u51 to java8u40 but the SSO authentication is failing. The client hasn't changed, it uses JNA windows calls (Secur32.INSTANCE.InitializeSecurityContext) but the server is no longer accepting the…
David
  • 1,862
  • 2
  • 22
  • 35
8
votes
1 answer

How to use embedded Jetty Server 9 with Kerberos authentication?

I'm trying to use Jetty embedded server to expose my Rest API and now I'd like to implement Kerberos Authentication. This is how I create SecurityHandler String domainRealm = "MY.COM"; Constraint constraint = new Constraint(); …
Jan
  • 410
  • 1
  • 7
  • 15
8
votes
1 answer

Spring Security Single Sign On in Windows Environment

I have a feeling I've stumbled into a technical black hole. There have been many questions and not many (recent) answers out there. Short summary: I have a Windows environment operating with a domain controller and Active Directory implementation…
Raevik
  • 1,945
  • 9
  • 32
  • 53
7
votes
3 answers

Can I indicate to clients that SPNEGO is supported but NTLM is not for HTTP requests?

The two WWW-Authenticate additions Microsoft makes use of that I am currently aware of are NTLM Negotiate If Negotiate is sent down from the server, based on a set of conditions Kerberos will be used Intranet Zone Accessing the server using a…
Scott Markwell
  • 1,091
  • 2
  • 16
  • 33
6
votes
1 answer

clojure library for SPNEGO/Kerberos-http authentication

I understand this is a long shot but, would there happen to be a clojure library for responding to kerberos over http (aka spnego) requests? I'm currently looking into using spring-security framework for this but thought i'd ask about a more clojure…
Arthur Ulfeldt
  • 90,827
  • 27
  • 201
  • 284
1
2 3
24 25