Unable to redirect 'Single Sign On' error page.

Kumar, Dileep Dileep.Kumar at atosorigin.com
Fri Jun 4 07:41:48 EDT 2010 

Dear William,

 

I have successfully installed/run SSO using Kerberos and mod_auth_kerb
module.

But still I have one issue with mod_auth_kerb.

 

I have installed Kerberos version: 'krb5-1.8.1'

Mod_auth_kerb version : mod_auth_kerb-5.0

Apache version : 1.3.1

 

After installation of Kerberos, it works fine as SSO for the machine in
specific domain for which I have configured it.

For the machine in non-domain network gives me 'Authorisation failed'
error page which is error#401.

For above error#401, I want to re-direct application to my 'specific
login page' which is not work as expected.

 

I am trying below code block to configure my 'httpd.conf' file in apache
which provide TGT to the system for SSO.

 

<LocationMatch "/spa/autoLogin.do*">

AuthType           Kerberos

AuthName           "Kerberos Active Directory Login"

KrbMethodNegotiate on

KrbMethodK5Passwd  off

KrbAuthRealms      SLB.COM

KrbServiceName     HTTP/nlxsl299.slb.atosorigin-asp.com at EUR.SLB.COM

Krb5Keytab         /opt/httpd/lib/krb5.keytab

KrbVerifyKDC       on

KrbAuthoritative   on

require            valid-user

 

##ErrorDocument 404 /spa/login.jsp

##ErrorDocument 401 /spa/login.jsp

</LocationzMatch>

 

 

Using above code snaps of 'httpd.conf' file, which works fine for SSO, I
try to redirect to 'login.jsp' in-case of user not get TGT (when user
try to access same url from non-domain machine). 

For this case I use :

ErrorDocument 404 /spa/login.jsp

ErrorDocument 401 /spa/login.jsp

 

But when I use above 401,404 error document entry in above code snaps,
it does not work for SSO and only gives 'login.jsp' page.

In the vice-versa, When I remove above 401,404 error document entry, my
SSO works fine.

 

Can you give me any suggestion/solution so that I can redirect
application to my error-page when TGT not generated?

 

I tried many combinations but does not get successful.

 

 

Kind Regards,

Dileep Kumar | Atos Origin India | Software Engineer
dileep.kumar at atosorigin.com | D: +91 -22-6733 4392| M: +91 9820585213| 

www.atosorigin.com

 

 

-----Original Message-----
From: Will Fiveash [mailto:William.Fiveash at Sun.COM] 
Sent: Tuesday, February 09, 2010 6:05 AM
To: Kumar, Dileep
Cc: William.Fiveash at Sun.COM; kerberos at mit.edu
Subject: Re: unable to get default realm for solaris 10

 

On Mon, Feb 08, 2010 at 12:52:20PM -0600, Douglas E. Engert wrote:

> 

> 

>  Kumar, Dileep wrote:

> > Dear Andrea,

> > I have installed native Kerberos on my solaris10 machine from
Solaris10 OS 

> > DVD.

> > Still I am getting the same error of 'does not specify default
realm'.

> > In side the file "/var/log/krb5kdc.log' I am getting following
error:

> > " krb5kdc: Configuration file does not specify default realm - while


> > attempting to retrieve default realm"

> > Can you please help me on it?

> 

>  So are you trying to run a KDC on this machine?

> 

>  What is in your /etc/krb5/krb5.conf and /etc/krb5/kdc.conf?

 

In addition there are detailed instructions on how to setup a Solaris 10

system as a KDC on sun.com:

 

http://docs.sun.com/app/docs/doc/816-4557/seamtm-1?a=view

 

Read the section on configuring a master KDC and follow the steps with

care.

 

-- 

Will Fiveash

Sun Microsystems Inc.

http://opensolaris.org/os/project/kerberos/

Sent from mutt, a sweet ASCII MUA

More information about the Kerberos mailing list