[英]Kerberos SSO in java 7
我使用jre 6 + tomcat 7使用kerberos配置了SSO,一切正常。
它在jre7u60 + tomcat 7.0中不起作用,出现以下错误消息
Caused by: javax.security.auth.login.LoginException: Client not found in Kerberos database (6)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at com.emc.documentum.kerberos.utility.KerberosUtility.createLoginContext(KerberosUtility.java:193)
... 20 more
Caused by: KrbException: Client not found in Kerberos database (6)
at sun.security.krb5.KrbAsRep.<init>(Unknown Source)
at sun.security.krb5.KrbAsReqBuilder.send(Unknown Source)
at sun.security.krb5.KrbAsReqBuilder.action(Unknown Source)
... 34 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(Unknown Source)
at sun.security.krb5.internal.ASRep.init(Unknown Source)
at sun.security.krb5.internal.ASRep.<init>(Unknown Source)
... 37 more
在下面找到krb5.ini和.conf文件
krb5.ini
[libdefaults]
default_realm = eu.xyz.com ticket_lifetime = 24h default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1 [realms] eu.xyz.com= { kdc = EUDC07.eu.xyz.com admin_server = EUDC07.eu.xyz.com default_domain = eu.xyz.com }
ktb5login.conf
HTTP-wsv000910-eu-xyz-com
{
com.sun.security.auth.module.Krb5LoginModule required
refreshKrb5Config=false
useKeyTab=true
doNotPrompt=true
noTGT=true
principal="HTTP/wsv000910.eu.xyz.com"
realm="eu.xyz.com"
debug=true
keyTab="D:\\apps\\http_wsv000910.keytab";
};
不知道它是否相关,但是我们发现在Java 7中,使用ktab.exe创建keytab时,必须在命令行中添加其他参数“ -n 0”。
Java SSO:针对 Active Directory 的 Kerberos 身份验证
[英]Java SSO: Kerberos authentication against Active Directory
Java Kerberos SSO 和 Windows NT-ENTERPRISE 名称类型
[英]Java Kerberos SSO and Windows NT-ENTERPRISE name type
使用Kerberos的TCP通过Java服务器的SSO .NET胖客户端
[英]SSO .NET thick client with Java server via TCP using Kerberos
Java 客户端和 Kerberos / SSO - Krb5LoginModule - 不重复使用票证
[英]Java client and Kerberos / SSO - Krb5LoginModule - not re-using tickets
SSO身份验证结合了Kerberos,ADFS和Spring Security
[英]SSO authentication combining Kerberos, ADFS and Spring Security
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.