Debugging Negotiate problems?
2,410 views
Skip to first unread message
Ryan McKinley
Aug 5, 2012, 3:31:18 PM8/5/12
to waffle...@googlegroups.com
I'm running Waffle under Jetty and need to integrate with Apache Shiro. I have built an authenticating Realm that works great using the Waffle to login with user/pass -- thanks!
Now I'm trying to get Negotiate working without success. When connect with IE9 I see that tokens Negotiate tokens are passed, but it fails to login
2012-08-05 12:19:33,802 DEBUG waffle.servlet.NegotiateSecurityFilter - GET /test, contentlength: -1
2012-08-05 12:19:33,803 DEBUG waffle.servlet.NegotiateSecurityFilter - authorization required
2012-08-05 12:19:33,803 TRACE waffle.servlet.NegotiateSecurityFilter - sendUnauthorized. Connection=keep-alive
2012-08-05 12:19:33,806 DEBUG waffle.servlet.NegotiateSecurityFilter - GET /test, contentlength: -1
2012-08-05 12:19:33,807 TRACE waffle.servlet.spi.NegotiateSecurityFilterProvider - AuthorizationHeader: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
2012-08-05 12:19:33,808 DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:55445
2012-08-05 12:19:33,810 DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - token buffer: 40 byte(s)
2012-08-05 12:19:33,990 WARN waffle.servlet.NegotiateSecurityFilter - error logging in user: The token supplied to the function is invalid
2012-08-05 12:19:33,990 TRACE waffle.servlet.NegotiateSecurityFilter - sendUnauthorized. Connection=close
The message "The token supplied to the function is invalid" is from the Win32Exception:
com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
at waffle.windows.auth.impl.WindowsAuthProviderImpl.acceptSecurityToken(WindowsAuthProviderImpl.java:123)
at waffle.servlet.spi.NegotiateSecurityFilterProvider.doFilter(NegotiateSecurityFilterProvider.java:97)
at waffle.servlet.spi.SecurityFilterProviderCollection.doFilter(SecurityFilterProviderCollection.java:108)
at waffle.servlet.NegotiateSecurityFilter.doFilter(NegotiateSecurityFilter.java:94)
Any pointers on what to look at next?
What are the windows domain requirements? Should 'Negotiate' work for a computer that is in a WORKGROUP rather then a domain? Is there anyway to test Negotiate directly from java (without a browser)?
Thanks
Ryan
Now I'm trying to get Negotiate working without success. When connect with IE9 I see that tokens Negotiate tokens are passed, but it fails to login
2012-08-05 12:19:33,802 DEBUG waffle.servlet.NegotiateSecurityFilter - GET /test, contentlength: -1
2012-08-05 12:19:33,803 DEBUG waffle.servlet.NegotiateSecurityFilter - authorization required
2012-08-05 12:19:33,803 TRACE waffle.servlet.NegotiateSecurityFilter - sendUnauthorized. Connection=keep-alive
2012-08-05 12:19:33,806 DEBUG waffle.servlet.NegotiateSecurityFilter - GET /test, contentlength: -1
2012-08-05 12:19:33,807 TRACE waffle.servlet.spi.NegotiateSecurityFilterProvider - AuthorizationHeader: Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGAbEdAAAADw==
2012-08-05 12:19:33,808 DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - security package: Negotiate, connection id: 0:0:0:0:0:0:0:1:55445
2012-08-05 12:19:33,810 DEBUG waffle.servlet.spi.NegotiateSecurityFilterProvider - token buffer: 40 byte(s)
2012-08-05 12:19:33,990 WARN waffle.servlet.NegotiateSecurityFilter - error logging in user: The token supplied to the function is invalid
2012-08-05 12:19:33,990 TRACE waffle.servlet.NegotiateSecurityFilter - sendUnauthorized. Connection=close
The message "The token supplied to the function is invalid" is from the Win32Exception:
com.sun.jna.platform.win32.Win32Exception: The token supplied to the function is invalid
at waffle.windows.auth.impl.WindowsAuthProviderImpl.acceptSecurityToken(WindowsAuthProviderImpl.java:123)
at waffle.servlet.spi.NegotiateSecurityFilterProvider.doFilter(NegotiateSecurityFilterProvider.java:97)
at waffle.servlet.spi.SecurityFilterProviderCollection.doFilter(SecurityFilterProviderCollection.java:108)
at waffle.servlet.NegotiateSecurityFilter.doFilter(NegotiateSecurityFilter.java:94)
Any pointers on what to look at next?
What are the windows domain requirements? Should 'Negotiate' work for a computer that is in a WORKGROUP rather then a domain? Is there anyway to test Negotiate directly from java (without a browser)?
Thanks
Ryan
Ryan McKinley
Aug 5, 2012, 4:14:42 PM8/5/12
to waffle...@googlegroups.com
I just found:
and will keep digging... hopefully this will solve my issues
ryan
Daniel Doubrovkine
Aug 6, 2012, 8:47:02 AM8/6/12
to waffle...@googlegroups.com
Note that this doc has moved to Github as well.
There's also an FAQ
Please make pull requests to improve the documentation.
Ryan McKinley
Aug 8, 2012, 12:39:39 PM8/8/12
to waffle...@googlegroups.com
As a followup, it seems like everything is working great now with the 1.5 beta
I suspect the problem was I'm running on x64 machines and perhaps that
is fixed in jna 3.4.2.b72
Thanks!
ryan
I suspect the problem was I'm running on x64 machines and perhaps that
is fixed in jna 3.4.2.b72
Thanks!
ryan
Daniel Doubrovkine
Aug 9, 2012, 4:10:00 AM8/9/12
to waffle...@googlegroups.com
Great to hear it. This was a big mess that I made in the 64-bit support in JNA 3.4.0. You can see the fixes in
https://github.com/twall/jna/commit/6439e364647807b6479e9bc99e65c08904ef041c if you're interested.
Reply all
Reply to author
Forward
0 new messages