I have a java client connecting to a WCF service. This service is configured to run on the host as a separate domain user (ie not as Local Service or Network Service). The Service publishes a userPrincipalName in its WSDL.
During the SpNego token exchange I get the following exception in the client
Defective token detected (Mechanism level: AP_REP token id does not match!)
This is the call stack:
at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:450)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
If I configure the WCF service to run under Local System account the SpNego token exchange works. Do I need to modify the code for services not running under Local system account?
Update-1
After some debugging by getting a C# client to connect with the WCF service, I found that the C# client is using a modified version of SpNego protocol called MS-SPNG . Does Java 6 support this? When I inspect the token I get an error about unsupported mechanism 1.2.840.113554.1.2.2.3.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.