I'm trying to implement SPNEGO Kerberose based SSO, followed the instructions from http://spnego.sourceforge.net/pre_flight.html. While deploying the sample application in tomcat i'm getting the following error.
javax.servlet.ServletException: javax.security.auth.login.LoginException: Cannot locate default realm
at net.sourceforge.spnego.SpnegoHttpFilter.init(SpnegoHttpFilter.java:198)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:273)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:254)
at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:372)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:98)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4542)
at org.apache.catalina.core.StandardContext$2.call(StandardContext.java:5220)
at org.apache.catalina.core.StandardContext$2.call(StandardContext.java:5215)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.security.auth.login.LoginException: Cannot locate default realm
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at net.sourceforge.spnego.SpnegoAuthenticator.<init>(SpnegoAuthenticator.java:161)
at net.sourceforge.spnego.SpnegoHttpFilter.init(SpnegoHttpFilter.java:196)
... 11 more
Caused by: KrbException: Cannot locate default realm
at sun.security.krb5.PrincipalName.<init>(Unknown Source)
... 26 more
Caused by: KrbException: Cannot locate default realm
at sun.security.krb5.Config.getDefaultRealm(Unknown Source)
... 27 more
Caused by: KrbException: Generic error (description in e-text) (60) - Unable to locate Kerberos realm
at sun.security.krb5.Config.getRealmFromDNS(Unknown Source)
Following is the content of my krb5.conf file
[libdefaults]
default_realm = VSSO.LOCAL
default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
permitted_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
[realms]
VSSO.LOCAL = {
kdc = adsrv.vsso.local
default_domain = VSSO.LOCAL
}
Following is the login.conf file
spnego-client {
com.sun.security.auth.module.Krb5LoginModule required;
};
spnego-server {
com.sun.security.auth.module.Krb5LoginModule required
storeKey=true
isInitiator=false;
};
[domain_realm]
.VSSO.LOCAL = VSSO.LOCAL
Any idea about this issue ?
-Djava.security.debug=gssloginconfig,configfile,configparser,logincontexton command line (or via Java code), plusdebug=truein both client and server JAAS configs. Then you may get some insights about what happens under the covers. – Samson Scharfrichter-Dsun.security.spnego.debug=true(courtesy of the-man-who-wants-to-outstare-Kerberos) steveloughran.gitbooks.io/kerberos_and_hadoop/content/sections/… – Samson Scharfrichter