Discussions
Categories
- 382.6K All Categories
- 2.1K Data
- 213 Big Data Appliance
- 1.9K Data Science
- 448.5K Databases
- 221.1K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 25 Multilingual Engine
- 542 MySQL Community Space
- 469 NoSQL Database
- 7.8K Oracle Database Express Edition (XE)
- 2.9K ORDS, SODA & JSON in the Database
- 503 SQLcl
- 3.9K SQL Developer Data Modeler
- 186.3K SQL & PL/SQL
- 21.1K SQL Developer
- 294K Development
- 9 Developer Projects
- 131 Programming Languages
- 290.7K Development Tools
- 97 DevOps
- 3K QA/Testing
- 645.6K Java
- 24 Java Learning Subscription
- 36.9K Database Connectivity
- 151 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.9K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 17 Java Essentials
- 147 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 201 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 301 LiveLabs
- 36 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.8K Other Languages
- 2.3K Chinese
- 168 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 235 Portuguese
GSSHeader did not find the right tag
900274
Member Posts: 1
Hello,
We have SSO software called CAS configured for SPNEGO authentication. Clients with windows XP are working correctly with IE and Firefox, authenticating users by NTLM. Clients in Windows 7 are trying to authenticate using Kerberos, and we get this error in CAS:
jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
...
GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
...
Looking for information, I have found: "Negoex is needed by Microsoft technology for things such as active directory and can not be disabled. And the latest Java core beta-s does not yet accept it. Everything works fine with Windows XP. This problem only appears with Windows 7 or newer." (http://sourceforge.net/projects/spnego/forums/forum/1003769/topic/3763057)
So, I am wondering if there is some news about that:
Could NegoEx in Windows 7 be disabled to avoid Java errors?
Any tweak in Java to avoid NegoEx error? Java version able to work with NegoEx?
In an other way, can Windows 7 be force to use NTLM authentication for SPNEGO in Internet Explorer intead of Kerberos?
Help will be apreciated.
Edited by: 897271 on 14-nov-2011 23:37
We have SSO software called CAS configured for SPNEGO authentication. Clients with windows XP are working correctly with IE and Firefox, authenticating users by NTLM. Clients in Windows 7 are trying to authenticate using Kerberos, and we get this error in CAS:
jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
...
GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
...
Looking for information, I have found: "Negoex is needed by Microsoft technology for things such as active directory and can not be disabled. And the latest Java core beta-s does not yet accept it. Everything works fine with Windows XP. This problem only appears with Windows 7 or newer." (http://sourceforge.net/projects/spnego/forums/forum/1003769/topic/3763057)
So, I am wondering if there is some news about that:
Could NegoEx in Windows 7 be disabled to avoid Java errors?
Any tweak in Java to avoid NegoEx error? Java version able to work with NegoEx?
In an other way, can Windows 7 be force to use NTLM authentication for SPNEGO in Internet Explorer intead of Kerberos?
Help will be apreciated.
Edited by: 897271 on 14-nov-2011 23:37
This discussion has been closed.