Am 2013-10-08 10:39, schrieb Chawla, Rachit:
Hi All,
I am struggling on SSO configuration using SPENGO mechanism on Tomcat 7.0.42
but not able to get it working. We tried on 7.0.29 version too. Since I get
Login Successful in logs, I assume Kerberos login was successful. Its
SpnegoAuthentication that is failing.
Exception:
java.security.PrivilegedActionException: org.ietf.jgss.GSSException, major
code: 11, minor code: 0
major string: General failure, unspecified at GSSAPI level
minor string: Desired initLifetime zero or less
Used http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html as
reference. On decompiling SpnegoAuthenticator code, we saw that we are using
GSSCredential.DEFAULT_LIFETIME in createCredential method, which might be the
reason for the exception.
final PrivilegedExceptionAction<GSSCredential> action =
new PrivilegedExceptionAction<GSSCredential>() {
@Override
public GSSCredential run() throws GSSException {
return manager.createCredential(null,
GSSCredential.DEFAULT_LIFETIME,
new Oid("1.3.6.1.5.5.2"),
GSSCredential.ACCEPT_ONLY);
}
};
Hi,
I am using the same source code for my SpnegoAuthenticator with an
Oracle JVM on Windows and a HP VM on HP-UX.
Something must be different/wrong with the JGSS Provider from IBM.
What you could do is download my source [1], change the lifetime to
GSSCredential.INDEFINITE_LIFETIME and see whether it fixes the problem.
Michael
[1] http://tomcatspnegoad.sourceforge.net/download.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org