We have SSO software called CAS configured for SPNEGO authentication. Clients with windows XP are working correctly with IE and Firefox, authenticating users by NTLM. Clients in Windows 7 are trying to authenticate using Kerberos, and we get this error in CAS:
jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException
GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
Looking for information, I have found: "Negoex is needed by Microsoft technology for things such as active directory and can not be disabled. And the latest Java core beta-s does not yet accept it. Everything works fine with Windows XP. This problem only appears with Windows 7 or newer." (http://sourceforge.net/projects/spnego/forums/forum/1003769/topic/3763057)
So, I am wondering if there is some news about that:
Could NegoEx in Windows 7 be disabled to avoid Java errors?
Any tweak in Java to avoid NegoEx error? Java version able to work with NegoEx?
In an other way, can Windows 7 be force to use NTLM authentication for SPNEGO in Internet Explorer intead of Kerberos?