kerberos/spnego sso
Michael B Allen
mba2000 at ioplex.com
Tue Sep 5 15:26:41 EDT 2006
On Mon, 4 Sep 2006 13:31:58 -0700 (PDT)
John User <johnuser755 at yahoo.com> wrote:
> I am having no luck setting up kerberos/spnego sso:
> The players:
>
> win2k3 AD box
> win xp client running IE 6 and latest firefox
> Weblogic 8.1 on a redhat box.
> Client trying to access resource on WLS:
>
> tcpdump shows WLS sending "WWW-Authenticate :
> Negotiate" in response to request for the protected
> resource from IE (and firefox)
> Neither IE nor firefox make any attempt to get a
> session ticket, - though they do send something
> encrypted back in response.
The client probably already had the ticket so no comm. with KDC was
necessary. You should see the client submit 'Authorization: Negotiate
YIIExka83jsmd...more base64 encoded data'.
> There is no other
> WWW-Authenticate header being sent.
> klist shows the client machine does have a tgt.
> Any hints on how to debug, or has anyone had a similar
> experience??
> I have gone through all of the basic documented steps:
> creation of AD user for WL box, keytabfiles, JAAS
> config files... and the various changes on client
> browsers.
Sounds like it could be working. What exactly indicates to you that it
is not?
Mike
--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/
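
Added example (not part of the original message, and not code from any project named in it): a Python check that decodes a captured `Authorization: Negotiate ...` header value like the one described in the reply above and reports which mechanism the browser actually sent. It goes beyond the thread by also recognising an NTLM token; the function names and sample headers are constructed for illustration.

```python
import base64

# DER-encoded mechanism OIDs and the NTLMSSP signature.
SPNEGO_OID = bytes.fromhex("06062b0601050502")       # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")   # 1.2.840.113554.1.2.2
NTLM_SIG = b"NTLMSSP\x00"


def classify_negotiate(header_value):
    """Classify the token carried in an 'Authorization' header value."""
    parts = header_value.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "negotiate":
        return "not-negotiate"
    try:
        tok = base64.b64decode(parts[1], validate=True)
    except ValueError:            # binascii.Error is a ValueError subclass
        return "invalid-base64"
    if tok.startswith(NTLM_SIG):
        return "ntlm"             # NTLM message, so no Kerberos ticket was sent
    if len(tok) < 2 or tok[0] != 0x60:
        return "unknown"          # not a GSS-API InitialContextToken
    # Skip the DER length: short form is 1 byte, long form is 1 + n bytes.
    off = 2 + (tok[1] & 0x7F if tok[1] & 0x80 else 0)
    if tok[off:].startswith(KRB5_OID):
        return "kerberos"         # bare Kerberos 5 GSS token
    if tok[off:].startswith(SPNEGO_OID):
        return "spnego-kerberos" if KRB5_OID in tok else "spnego-other"
    return "unknown"


def sample_header(body):
    """Build a constructed header from a GSS body (not a real ticket)."""
    tok = b"\x60\x82" + len(body).to_bytes(2, "big") + body
    return "Negotiate " + base64.b64encode(tok).decode()


# Constructed inputs: OIDs followed by zero padding, no real credentials.
SPNEGO_SAMPLE = sample_header(SPNEGO_OID + KRB5_OID + bytes(1100))
NTLM_SAMPLE = "Negotiate " + base64.b64encode(NTLM_SIG + b"\x01" + bytes(31)).decode()

if __name__ == "__main__":
    for h in (SPNEGO_SAMPLE, NTLM_SAMPLE, "Basic dXNlcjpwdw=="):
        print(h[:24], "->", classify_negotiate(h))
```

The constructed SPNEGO sample encodes to a value beginning `YIIE`, the same prefix as the header quoted in the reply, while an NTLM token begins `TlRM`.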