Hi folks, Maybe someone can shed some light on NTLM stuff here because its got me confused.
I want my browsers to accept NTLM logins and I can see the browser sending a NTLM header: 2016-11-22 10:26:03,099 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - Authorization header [Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==], User Agent header [Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0] 2016-11-22 10:26:03,099 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - SPNEGO Authorization header located as Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw== 2016-11-22 10:26:03,100 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - SPNEGO Authorization header found with 56 bytes 2016-11-22 10:26:03,100 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Obtained token: NTLMSSP �� � 2016-11-22 10:26:03,139 DEBUG [org.jasig.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - Processing SPNEGO authentication 2016-11-22 10:26:03,227 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving argument [AuthenticationTransaction] for audit 2016-11-22 10:26:03,227 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving argument [SpnegoCredential] for audit 2016-11-22 10:26:03,229 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN ============================================================= WHO: unknown WHAT: Supplied credentials: [unknown] ACTION: AUTHENTICATION_FAILED APPLICATION: CAS WHEN: Tue Nov 22 10:26:03 UTC 2016 CLIENT IP ADDRESS: 10.31.32.70 SERVER IP ADDRESS: 172.200.0.6 ============================================================= 2016-11-22 10:26:03,229 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN ============================================================= WHO: unknown WHAT: Supplied credentials: [unknown] ACTION: AUTHENTICATION_FAILED APPLICATION: CAS WHEN: Tue Nov 22 10:26:03 UTC 2016 CLIENT IP ADDRESS: 10.31.32.70 SERVER IP ADDRESS: 172.200.0.6 ============================================================= 2016-11-22 10:26:03,233 WARN [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - null java.lang.NullPointerException at org.jasig.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler.doAuthentication(JcifsSpnegoAuthenticationHandler.java:67) .... When I look at: https://github.com/apereo/cas/blob/16a70316889d58395e11ac661645e0d4182b803e/support/cas-server-support-spnego/src/main/java/org/apereo/cas/support/spnego/authentication/handler/support/JcifsSpnegoAuthenticationHandler.java#L49 It seems to me that CAS is expecting a Type 3 NTLM token straight away and doesn't fancy negotiating. What am I missing here? Thanks Tom -- - CAS gitter chatroom: https://gitter.im/apereo/cas - CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html - CAS documentation website: https://apereo.github.io/cas - CAS project website: https://github.com/apereo/cas --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CABML50dTioLXHbYuU18d1qmUQJ4rTF0nP_1LpiKeYYwrYAA8tA%40mail.gmail.com.
