Repeatedly getting HTTP 401 Unauthorized when using Negotiate authentication

Arpit Srivastava arpit.orb at
Wed Sep 18 10:08:12 EDT 2013


I am trying to realize SAML 2.0 SSO using ADFS with Google Calender service
using my non-native application. I obtain the TGT and service ticket for
the host on which ADFS is running, generate an authentication token, and
send it with Negotiate in Authorization header (at the very place where I
send credential containing username and password).

get_new = new HttpGet(locationUrl);
get_new.addHeader("Authorization", "Negotiate " + accessToken);
response = client.execute(get_new);

GET /adfs/ls?SAMLRequest=......
Authorization: Negotiate accessToken
Cache-Control: no-cache

However, I am getting 401 unauthorized in response. When I checked on
Windows Server 2003, I could see KRB5KRB_ERR_GENERIC.

When I do the same using Browser's Integrated Windows Authentication, the
Kerberos Authentication to the ADFS is successful (i.e. it uses Windows
login credentials and doesnt ask for username/password). I can see in the
logs of working scenario that I am using the correct SPN for ADFS service.

Please help me to find out the solution.


More information about the krbdev mailing list