Kerberos EAP implementation performs double network roundtrip
Issue
- SPNEGO/Kerbreos configuration executes two network roundtrips to login.
- After configured kerberos with AD the browser is receiving two 401 except of one.
- The
jboss-negotiation-toolkit
demo application shows "Unexpected NegTokenTarg, first token should be NegTokenInit!". -
Configuring kerberos/SPNEGO login and activating DEBUG the following exception appears:
[org.jboss.security] (default task-13) PBOX00206: Login failure: javax.security.auth.login.LoginException: Continuation Required. at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:192) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ...
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6.x
- 7.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.