Discussions
Categories
- 197K All Categories
- 2.5K Data
- 546 Big Data Appliance
- 1.9K Data Science
- 450.8K Databases
- 221.9K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 31 Multilingual Engine
- 552 MySQL Community Space
- 479 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3.1K ORDS, SODA & JSON in the Database
- 556 SQLcl
- 4K SQL Developer Data Modeler
- 187.2K SQL & PL/SQL
- 21.4K SQL Developer
- 296.3K Development
- 17 Developer Projects
- 139 Programming Languages
- 293K Development Tools
- 110 DevOps
- 3.1K QA/Testing
- 646.1K Java
- 28 Java Learning Subscription
- 37K Database Connectivity
- 158 Java Community Process
- 105 Java 25
- 22.1K Java APIs
- 138.2K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 19 Java Essentials
- 162 Java 8 Questions
- 86K Java Programming
- 81 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 205 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 468 LiveLabs
- 39 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 175 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 233 Portuguese
GSSHeader did not find the right tag
900274
Member Posts: 1
Hello,
We have SSO software called CAS configured for SPNEGO authentication. Clients with windows XP are working correctly with IE and Firefox, authenticating users by NTLM. Clients in Windows 7 are trying to authenticate using Kerberos, and we get this error in CAS:
jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
...
GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
...
Looking for information, I have found: "Negoex is needed by Microsoft technology for things such as active directory and can not be disabled. And the latest Java core beta-s does not yet accept it. Everything works fine with Windows XP. This problem only appears with Windows 7 or newer." (http://sourceforge.net/projects/spnego/forums/forum/1003769/topic/3763057)
So, I am wondering if there is some news about that:
Could NegoEx in Windows 7 be disabled to avoid Java errors?
Any tweak in Java to avoid NegoEx error? Java version able to work with NegoEx?
In an other way, can Windows 7 be force to use NTLM authentication for SPNEGO in Internet Explorer intead of Kerberos?
Help will be apreciated.
Edited by: 897271 on 14-nov-2011 23:37
We have SSO software called CAS configured for SPNEGO authentication. Clients with windows XP are working correctly with IE and Firefox, authenticating users by NTLM. Clients in Windows 7 are trying to authenticate using Kerberos, and we get this error in CAS:
jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
...
GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
...
Looking for information, I have found: "Negoex is needed by Microsoft technology for things such as active directory and can not be disabled. And the latest Java core beta-s does not yet accept it. Everything works fine with Windows XP. This problem only appears with Windows 7 or newer." (http://sourceforge.net/projects/spnego/forums/forum/1003769/topic/3763057)
So, I am wondering if there is some news about that:
Could NegoEx in Windows 7 be disabled to avoid Java errors?
Any tweak in Java to avoid NegoEx error? Java version able to work with NegoEx?
In an other way, can Windows 7 be force to use NTLM authentication for SPNEGO in Internet Explorer intead of Kerberos?
Help will be apreciated.
Edited by: 897271 on 14-nov-2011 23:37
This discussion has been closed.