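CAS v5.2 Kerberos and SPNEGO authentication

Time: 2018-07-16 17:48:06

Tags: kerberos cas spnego

I am configuring CAS 5.2 SPNEGO Kerberos authentication by following the tutorial at https://apereo.github.io/cas/5.2.x/installation/SPNEGO-Authentication.html.

The Kerberos tests are all OK.

I have also defined an SPN account "spnadmin" in Active Directory, and I can run an authentication test with Kerberos using it.

Here is my CAS properties configuration: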

cas.authn.spnego.jcifsDomainController=archeo.active.com
cas.authn.spnego.jcifsDomain=ARCHEO.DS.IT
cas.authn.spnego.jcifsUsername=spnadmin
cas.authn.spnego.jcifsPassword=xxxxxx
cas.authn.spnego.jcifsServicePrincipal=HTTP/archeo.active.com@ARCHEO.DS.IT
cas.authn.spnego.jcifsServicePassword=xxxxxxx
cas.authn.spnego.kerberosConf=/etc/krb5.conf
cas.authn.spnego.kerberosDebug=true
cas.authn.spnego.kerberosKdc=archeo.active.com
cas.authn.spnego.kerberosRealm=ARCHEO.DS.IT
cas.authn.spnego.loginConf=/etc/login.conf
cas.authn.spnego.mixedModeAuthentication=false
cas.authn.spnego.ntlm=false
cas.authn.spnego.ntlmAllowed=true
cas.authn.spnego.principalWithDomainName=false
cas.authn.spnego.send401OnAuthenticationFailure=true
cas.authn.spnego.supportedBrowsers=MSIE,Trident,Firefox,AppleWebKit
cas.authn.spnego.timeout=300000

cas.authn.spnego.ldap.ldapUrl=ldap://archeo.active.com:389
cas.authn.spnego.ldap.baseDn=DC=archeo,DC=ds,DC=it
cas.authn.spnego.ldap.userFilter=(sAMAccountName={user})
cas.authn.spnego.ldap.bindDn=administrator@archeo.ds.it
cas.authn.spnego.ldap.bindCredential=xxxxxx
cas.authn.spnego.ldap.providerClass=org.ldaptive.provider.unboundid.UnboundIDProvider
cas.authn.spnego.ldap.connectTimeout=5000
cas.authn.spnego.ldap.useStartTls=false

Here is my login.conf:

jcifs.spnego.initiate {
   com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="/etc/spnadmin.keytab";
};

jcifs.spnego.accept {
   com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="/etc/spnadmin.keytab";
};

But I get a SPNEGO authentication error:

=============================================================
WHO: audit:unknown
WHAT: [event=success,timestamp=Mon Jul 16 13:29:52 CEST 2018,source=RankedAuthenticationProviderWebflowEventResolver]
ACTION: AUTHENTICATION_EVENT_TRIGGERED
APPLICATION: CAS
WHEN: Mon Jul 16 13:29:52 CEST 2018
CLIENT IP ADDRESS: 192.168.19.191
SERVER IP ADDRESS: 192.168.19.1
=============================================================


2018-07-16 13:29:52,131 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Located client IP address as [192.168.19.191]>

2018-07-16 13:29:52,131 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <User agent [Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E)] is authorized to proceed>

2018-07-16 13:29:52,132 DEBUG [org.apereo.cas.authentication.adaptive.DefaultAdaptiveAuthenticationPolicy] - <Adaptive authentication policy has authorized client [192.168.19.191] to proceed.>

2018-07-16 13:29:52,132 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>

2018-07-16 13:29:52,133 DEBUG [org.apereo.cas.web.support.WebUtils] - <Evaluating request to determine if warning cookie should be generated>

2018-07-16 13:29:52,134 DEBUG [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] - <No specific authentication handlers are required for this transaction>

2018-07-16 13:29:52,134 DEBUG [org.apereo.cas.authentication.RegisteredServiceAuthenticationHandlerResolver] - <Authentication handlers used for this transaction are [JcifsSpnegoAuthenticationHandler,HttpBasedServiceCredentialsAuthenticationHandler]>

2018-07-16 13:29:52,135 DEBUG [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - <Processing SPNEGO authentication>

2018-07-16 13:29:52,136 DEBUG [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - <Authenticated SPNEGO principal [null]>

2018-07-16 13:29:52,136 DEBUG [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - <Retrieving the next token for authentication>

2018-07-16 13:29:52,137 DEBUG [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - <Setting nextToken in credential>

2018-07-16 13:29:52,138 DEBUG [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <[JcifsSpnegoAuthenticationHandler] exception details: [Principal is null, the processing of the SPNEGO Token failed].>

2018-07-16 13:29:52,138 **ERROR [org.apereo.cas.authentication.PolicyBasedAuthenticationManager] - <Authentication has failed. Credentials may be incorrect or CAS cannot find authentication handler that supports [unknown] of type [SpnegoCredential].>**

2018-07-16 13:29:52,139 INFO [org.apereo.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN

=============================================================
WHO: unknown
WHAT: Supplied credentials: [unknown]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Mon Jul 16 13:29:52 CEST 2018
CLIENT IP ADDRESS: 192.168.19.191
SERVER IP ADDRESS: 192.168.19.1
=============================================================

Can anyone help me? It may be a problem in the CAS configuration properties.

0 answers:

No answers