jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException

Apereo Issues | Mathew Anderson | 4 years ago
tip
Your exception is missing from the Samebug knowledge base.
Here are the best solutions we found on the Internet.
Click on the to mark the helpful solution and get rewards for you help.
  1. 0

    spnego authentication stops working when CAS deployed

    Stack Overflow | 4 years ago | Árpád Magosányi
    jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
  2. 0

    Client not found in Kerberos database

    Stack Overflow | 3 years ago | MagiX
    jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
  3. 0

    CAS + SPNEGO + Auth error | Oracle Community

    oracle.com | 2 years ago
    jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    The request to have CAS support other ciphers when doing kerberos/SPENGO authentication. From what I can tell, CAS only supports rc4. Our KDC only supports AES-256. Having the keytabs setup correctly and I can kinit/klist. Also I can do SPNEGO at the apache level on the same machine without issue. But trying to get CAS to work with SPENGO, I am getting odd encryption issues. It looks like when I connect to CAS with my browser, it is selecting the rc4 encryption type, not the aes-256 one. Here is an except from my log: default etypes for default_tkt_enctypes: 3 1 23 16 17 18. Pre-Authenticaton: find key for etype = 23 AS-REQ: Add PA_ENC_TIMESTAMP now >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> KrbAsReq calling createMessage >>> KrbAsReq in createMessage >>> KrbKdcReq send: #bytes read=645 >>> KrbKdcReq send: #bytes read=645 >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> KrbAsRep cons in KrbAsReq.getReply HTTP/myserver Entered Krb5Context.acceptSecContext with state=STATE_NEW jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException at jcifs.spnego.Authentication.processKerberos(Authentication.java:447) at jcifs.spnego.Authentication.processSpnego(Authentication.java:346) at jcifs.spnego.Authentication.process(Authentication.java:235) .... Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44)) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267) ... 154 more Caused by: KrbException: Specified version of key is not available (44) at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:516) at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:260) at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134) After trying to research this, I did see in an older post (http://jasig.275507.n4.nabble.com/CAS-SPNEGO-authentication-always-right-with-IE-td1568991.html) the following: The default tkt and tgs enctypes need to be set to rc4-hmac. Windows Server 2008 supports encryption up to 256 aes however, not all Kerberos clients do, including the CAS server Kerberos client. The encryption is forced down to rc4-hmac for compatibility with CAS.

    Apereo Issues | 4 years ago | Mathew Anderson
    jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
  6. 0

    CAS + SPNEGO + Auth error

    Oracle Community | 8 years ago | 756738
    jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException

    1 unregistered visitors
    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. jcifs.spnego.AuthenticationException

      Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException

      at jcifs.spnego.Authentication.processKerberos()
    2. jcifs.spnego
      Authentication.process
      1. jcifs.spnego.Authentication.processKerberos(Authentication.java:447)
      2. jcifs.spnego.Authentication.processSpnego(Authentication.java:346)
      3. jcifs.spnego.Authentication.process(Authentication.java:235)
      3 frames