NTLM Negotiation


Tom Barber

Nov 22, 2016, 5:31:22 AM
to cas-...@apereo.org
Hi folks,

Maybe someone can shed some light on NTLM stuff here because it's got me confused.

I want my browsers to accept NTLM logins and I can see the browser sending an NTLM header:

2016-11-22 10:26:03,099 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoNegociateCredentialsAction] - Authorization header [Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==], User Agent header [Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:48.0) Gecko/20100101 Firefox/48.0]
2016-11-22 10:26:03,099 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - SPNEGO Authorization header located as Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
2016-11-22 10:26:03,100 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - SPNEGO Authorization header found with 56 bytes
2016-11-22 10:26:03,100 DEBUG [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - Obtained token: NTLMSSP �� �
2016-11-22 10:26:03,139 DEBUG [org.jasig.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - Processing SPNEGO authentication
2016-11-22 10:26:03,227 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving argument [AuthenticationTransaction] for audit
2016-11-22 10:26:03,227 DEBUG [org.jasig.cas.audit.spi.TicketOrCredentialPrincipalResolver] - Resolving argument [SpnegoCredential] for audit
2016-11-22 10:26:03,229 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: Supplied credentials: [unknown]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue Nov 22 10:26:03 UTC 2016
CLIENT IP ADDRESS: 10.31.32.70
SERVER IP ADDRESS: 172.200.0.6
=============================================================


2016-11-22 10:26:03,229 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN
=============================================================
WHO: unknown
WHAT: Supplied credentials: [unknown]
ACTION: AUTHENTICATION_FAILED
APPLICATION: CAS
WHEN: Tue Nov 22 10:26:03 UTC 2016
CLIENT IP ADDRESS: 10.31.32.70
SERVER IP ADDRESS: 172.200.0.6
=============================================================


2016-11-22 10:26:03,233 WARN [org.jasig.cas.support.spnego.web.flow.SpnegoCredentialsAction] - null
java.lang.NullPointerException
at org.jasig.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler.doAuthentication(JcifsSpnegoAuthenticationHandler.java:67)
....



It seems to me that CAS is expecting a Type 3 NTLM token straight away and doesn't fancy negotiating. What am I missing here?

Thanks

Tom
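
The token in the Authorization header logged above can be decoded to see which kind of message the browser sent. This is an added example, not part of the original post and not CAS code; the function name and the constructed test input are assumptions, and the field offsets follow the NTLM Type 1 message layout.

```python
import base64
import struct

NTLM_SIGNATURE = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE (Type 1)", 2: "CHALLENGE (Type 2)", 3: "AUTHENTICATE (Type 3)"}
NEGOTIATE_VERSION = 0x02000000  # NTLMSSP_NEGOTIATE_VERSION flag

# Header value copied from the DEBUG line in the post above.
LOGGED_HEADER = "Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw=="


def describe_negotiate_header(header):
    """Classify the token in an 'Authorization: Negotiate|NTLM <base64>' value."""
    scheme, _, b64 = header.strip().partition(" ")
    if scheme not in ("Negotiate", "NTLM") or not b64:
        raise ValueError("not a Negotiate/NTLM Authorization header")
    token = base64.b64decode(b64, validate=True)
    info = {"scheme": scheme, "length": len(token)}
    if token[:1] in (b"\x60", b"\xa1"):
        # ASN.1 framing: GSS-API initial token (0x60) or SPNEGO NegTokenResp (0xa1)
        info["kind"] = "SPNEGO/GSS-API"
        return info
    if not token.startswith(NTLM_SIGNATURE) or len(token) < 12:
        info["kind"] = "unknown"
        return info
    info["kind"] = "raw NTLMSSP"
    (msg_type,) = struct.unpack_from("<I", token, 8)
    info["message"] = NTLM_TYPES.get(msg_type, "unknown (%d)" % msg_type)
    if msg_type == 1 and len(token) >= 16:
        (flags,) = struct.unpack_from("<I", token, 12)
        info["flags"] = "0x%08X" % flags
        # Type 1 layout: flags, domain fields (8 bytes), workstation fields (8 bytes),
        # then an 8-byte version block when NEGOTIATE_VERSION is set.
        if flags & NEGOTIATE_VERSION and len(token) >= 40:
            major, minor, build = struct.unpack_from("<BBH", token, 32)
            info["client_version"] = "%d.%d build %d" % (major, minor, build)
    return info


if __name__ == "__main__":
    for key, value in describe_negotiate_header(LOGGED_HEADER).items():
        print("%-15s %s" % (key, value))
```

For the logged header this reports a raw NTLMSSP Type 1 message of 40 decoded bytes from a 6.1 build 7601 client; the 56 in the debug line equals the length of the base64 string.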

Tom Barber

Nov 22, 2016, 5:32:14 AM
to cas-...@apereo.org
Sorry.. CAS 4.2.4 on Tomcat, no proxy etc.




Brent Sun

May 18, 2017, 9:46:22 PM
to CAS Community
Tom, did you resolve this issue? I have the same issue.

thanks.

rgds
brent