Kerberos Login Handler not working
Akhtar, Sina Nek
Sina.Akhtar at Teradata.com
Thu Aug 27 08:23:43 EDT 2015
Hi,
I followed the instructions on the SHIB2 wiki to enable the kerberos login handler 1.3. After struggling with it for a few days, I have reached a point where I can see the login page but when I try to login, I do not see any requests to test the user against the principal using the key tab file. Instead, I see a simple HTTP 401 but I am not user if its a problem with the header (so I can check my apache configuration) or calling the servlet. The error is shown below (TRACE level on for the kerberos handler. Any tips or hints to put me in the right direction would be appreciated.
11:56:49.833 - INFO [ch.SWITCH.aai.idp.kerberos.KrbLoginServlet:125] - kerberos idp servlet started
11:56:49.834 - DEBUG [ch.SWITCH.aai.idp.kerberos.HttpNegotiator:72] - HTTP: Returning response code '401'. Authorization header not found.
11:56:49.835 - ERROR [ch.SWITCH.aai.idp.kerberos.KrbLoginServlet:158] - Authentication process error.
java.lang.NullPointerException: null
at ch.SWITCH.aai.idp.kerberos.KrbLoginServlet.flushResponse(KrbLoginServlet.java:84) [kerberos-login-handler-1.3.jar:na]
at ch.SWITCH.aai.idp.kerberos.KrbLoginServlet.service(KrbLoginServlet.java:149) [kerberos-login-handler-1.3.jar:na]
at ch.SWITCH.aai.idp.kerberos.KrbLoginServlet.service(KrbLoginServlet.java:115) [kerberos-login-handler-1.3.jar:na]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) [servlet-api.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) [catalina.jar:7.0.59]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.59]
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat7-websocket.jar:7.0.59]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.59]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.59]
at edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter.doFilter(NoCacheFilter.java:49) [shibboleth-identityprovider-2.2.1.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.59]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.59]
at edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter.doFilter(IdPSessionFilter.java:77) [shibboleth-identityprovider-2.2.1.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.59]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.59]
at edu.internet2.middleware.shibboleth.common.log.SLF4JMDCCleanupFilter.doFilter(SLF4JMDCCleanupFilter.java:51) [shibboleth-common-1.2.1.jar:na]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) [catalina.jar:7.0.59]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) [catalina.jar:7.0.59]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) [catalina.jar:7.0.59]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) [catalina.jar:7.0.59]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) [catalina.jar:7.0.59]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) [catalina.jar:7.0.59]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103) [catalina.jar:7.0.59]
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) [catalina.jar:7.0.59]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) [catalina.jar:7.0.59]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421) [catalina.jar:7.0.59]
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074) [tomcat-coyote.jar:7.0.59]
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611) [tomcat-coyote.jar:7.0.59]
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314) [tomcat-coyote.jar:7.0.59]
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_75]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_75]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-coyote.jar:7.0.59]
at java.lang.Thread.run(Thread.java:745) [na:1.7.0_75]
11:56:49.836 - DEBUG [ch.SWITCH.aai.idp.kerberos.KrbLoginServlet:185] - Authentication failed.
11:56:49.836 - DEBUG [ch.SWITCH.aai.idp.kerberos.KrbLoginHandler:262] - Redirecting to login page
11:56:49.837 - TRACE [ch.SWITCH.aai.idp.kerberos.KrbLoginHandler:218] - Redirecting to null
Ciao,
Sina
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150827/2266c604/attachment-0001.html>
More information about the users
mailing list