Comments on: Spring Security Kerberos/SPNEGO Extension

By: Aurelien

Aurelien — Mon, 10 Oct 2011 09:19:53 +0000

Could it be possible to use Spring Security Kerberos Extension with multiple domains (on separate forests with a two-way forest trust) by merging keytab files ?

By: Zoharat

Zoharat — Mon, 03 Oct 2011 17:08:47 +0000

So simply specifying a kvno value fixed the NTLM token issue you observed Windows?

By: Tul

Tul — Mon, 03 Oct 2011 17:02:38 +0000

Zoharat,
In my case it was a matter of bad kvno in keytab. Unfortunately I can't give you a recipe as the admin fixed that, not me. He said that some kind of example app of Apache Kerberos helped him a lot as it gives much better error information.
At least you have a hint.

By: Zoharat

Zoharat — Mon, 03 Oct 2011 15:22:03 +0000

Tul,

Were you able to figure out why NTLM token were being generated, we have done all the verifcations i.e.
1>Server client on separate machines
2>Site listed in Intranet sites.
3>Using the URL as http://:/application
4>kinit also seems to work.

But still the header contains NTLM token.

By: Zoharat

Zoharat — Mon, 03 Oct 2011 15:20:25 +0000

Tul,

But still the header contains NTLM tokens.

By: OCTO talks ! » Implementando Segurança em um aplicativo Flex/BlazeDS utilizando o Single-Sign-On do Active Directory

Fri, 23 Sep 2011 18:59:28 +0000

[...] O manual da extensão (incluindo a configuração Internet Explorer) [...]

By: Nick

Nick — Fri, 23 Sep 2011 07:13:31 +0000

Hi,

Can anyone tell me where the repository was moved to? http://maven.springframework.org/milestone seems not to be working anymore… And is 1.0.0.M1 still the current version?

Thanks a lot for your responses.

By: Tul

Tul — Wed, 21 Sep 2011 10:42:11 +0000

Now I tried to deploy app on linux tomcat and I get 'javax.security.auth.login.LoginException: Unable to obtain password from user' on server startup with no corresponding '[key] not available in [keytab]' message. Keytab is generated using java 1.5 ktab. I generated it in the same way previously on windows server and spring read the principals successfully.

By: Tul

Tul — Wed, 21 Sep 2011 09:47:25 +0000

It's in intranet zone. The browser is IE9 but I also tried IE7, 6 and firefox

By: ukdavo

ukdavo — Wed, 21 Sep 2011 08:27:09 +0000

What zone is the website in? Internet zone? Intranet zone? If the latter, NTLM will be used.