[英]SpNego: Defective Token Detected
I have a java client connecting to a WCF service. 我有一个Java客户端连接到WCF服务。 This service is configured to run on the host as a separate domain user (ie not as Local Service or Network Service).
将该服务配置为作为单独的域用户(即不是本地服务或网络服务)在主机上运行。 The Service publishes a userPrincipalName in its WSDL.
服务在其WSDL中发布userPrincipalName。
During the SpNego token exchange I get the following exception in the client 在SpNego代币交换过程中,客户端出现以下异常
Defective token detected (Mechanism level: AP_REP token id does not match!)
This is the call stack:
at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:450)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
If I configure the WCF service to run under Local System account the SpNego token exchange works. 如果我将WCF服务配置为在本地系统帐户下运行,则SpNego令牌交换会起作用。 Do I need to modify the code for services not running under Local system account?
是否需要为不在本地系统帐户下运行的服务修改代码?
Update-1 更新1
After some debugging by getting a C# client to connect with the WCF service, I found that the C# client is using a modified version of SpNego protocol called MS-SPNG . 通过使C#客户端与WCF服务连接进行一些调试之后,我发现C#客户端正在使用SpNego协议的修改版本MS-SPNG 。 Does Java 6 support this?
Java 6是否支持此功能? When I inspect the token I get an error about unsupported mechanism 1.2.840.113554.1.2.2.3.
当我检查令牌时,收到关于不受支持的机制1.2.840.113554.1.2.2.3的错误。
These links explains whats happening. 这些链接说明发生了什么。 MS has a extension for SpNego protocol, which kicks in when we run a WCF service as a user (ie not as Local Service etc).
MS具有SpNego协议的扩展,当我们以用户身份运行WCF服务(即不是本地服务等)时,该协议即会启动。 This is the MS specification for the new protocol, and here is the openjdk doc that xplains the workarounds.
这是新协议的MS规范, 这是xplains解决方法的openjdk文档。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.