jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException

Apereo Issues | Mathew Anderson | 4 years ago
  1. 0

    Additional ciphers needed for kerberos support (AES-256)

    GitHub | 2 years ago | mmoayyed
    jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
  2. 0

    spnego authentication stops working when CAS deployed

    Stack Overflow | 4 years ago | Árpád Magosányi
    jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
  3. 0

    Client not found in Kerberos database

    Stack Overflow | 3 years ago | MagiX
    jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    CAS + SPNEGO + Auth error | Oracle Community

    oracle.com | 1 year ago
    jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
  6. 0

    The request to have CAS support other ciphers when doing kerberos/SPENGO authentication. From what I can tell, CAS only supports rc4. Our KDC only supports AES-256. Having the keytabs setup correctly and I can kinit/klist. Also I can do SPNEGO at the apache level on the same machine without issue. But trying to get CAS to work with SPENGO, I am getting odd encryption issues. It looks like when I connect to CAS with my browser, it is selecting the rc4 encryption type, not the aes-256 one. Here is an except from my log: default etypes for default_tkt_enctypes: 3 1 23 16 17 18. Pre-Authenticaton: find key for etype = 23 AS-REQ: Add PA_ENC_TIMESTAMP now >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> KrbAsReq calling createMessage >>> KrbAsReq in createMessage >>> KrbKdcReq send: #bytes read=645 >>> KrbKdcReq send: #bytes read=645 >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType >>> KrbAsRep cons in KrbAsReq.getReply HTTP/myserver Entered Krb5Context.acceptSecContext with state=STATE_NEW jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException at jcifs.spnego.Authentication.processKerberos(Authentication.java:447) at jcifs.spnego.Authentication.processSpnego(Authentication.java:346) at jcifs.spnego.Authentication.process(Authentication.java:235) .... Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44)) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267) ... 154 more Caused by: KrbException: Specified version of key is not available (44) at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:516) at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:260) at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134) After trying to research this, I did see in an older post (http://jasig.275507.n4.nabble.com/CAS-SPNEGO-authentication-always-right-with-IE-td1568991.html) the following: The default tkt and tgs enctypes need to be set to rc4-hmac. Windows Server 2008 supports encryption up to 256 aes however, not all Kerberos clients do, including the CAS server Kerberos client. The encryption is forced down to rc4-hmac for compatibility with CAS.

    Apereo Issues | 4 years ago | Mathew Anderson
    jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException

    1 unregistered visitors
    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. jcifs.spnego.AuthenticationException

      Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException

      at jcifs.spnego.Authentication.processKerberos()
    2. jcifs.spnego
      Authentication.process
      1. jcifs.spnego.Authentication.processKerberos(Authentication.java:447)
      2. jcifs.spnego.Authentication.processSpnego(Authentication.java:346)
      3. jcifs.spnego.Authentication.process(Authentication.java:235)
      3 frames