SPNEGO SSO to Active Directory not working in latest branches

Aladen-jenn
I am trying to upgrade from Tomcat 8.5.4 to a more recent version.
I have tried both 8.5.56 and 9.0.36. Neither seems to be working. Tomcat starts, but I get an ERR_INVALID_RESPONSE when I try to go to the test page.

To be absolutely sure, I started with clean installations of all 3. I have a valid keytab file (it works fine on 8.5.4). To each I did the below.
8.5.4 worked fine. The other 2 more recent ones broke.

So something changed between 8.5.4 and current versions, but I can't figure out what. Any ideas where to look?

On top of the clean installs I have the following:
$TOMCAT_HOME/conf/jaas.conf
--------------------------------------------------
KTEST {
    com.sun.security.auth.module.Krb5LoginModule required
    doNotPrompt=true
    principal="HTTP/papsapex1.jallc.lan@JALLC.LAN"
    useKeyTab=true
    keyTab="/opt/apex/apex_sso.keytab"
    debug=true
    storeKey=true;
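};
--------------------------------------------------

$TOMCAT_HOME/conf/Catalina/localhost/ktest.xml
--------------------------------------------------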
<?xml version="1.0" encoding="UTF-8"?>
<Context>
  <Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"
      loginConfigName="KTEST"
  />
  <Realm className="org.apache.catalina.realm.JAASRealm"
         allRolesMode="authOnly"
         appName="KTEST"
  />
</Context>
--------------------------------------------------


$TOMCAT_HOME/bin/setenv.sh
---------------------------------------------------
#!/bin/sh
JAVA_OPTS="$JAVA_OPTS -Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas.conf"
---------------------------------------------------

$TOMCAT_HOME/webapp/ktest/WEB-INF/web.xml
---------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<session-config>
 <session-timeout>
  30
 </session-timeout>
</session-config>
<security-constraint>
  <display-name>test_auth</display-name>
  <web-resource-collection>
    <web-resource-name>KTEST</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>SPNEGO</auth-method>
</login-config>
</web-app>
-----------------------------------------------

$TOMCAT_HOME/webapp/ktest/index.jsp
-----------------------------------------------
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<%@page import="java.util.*"%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>SPNEGO test</title>
</head>
<body>

Hello World!

<p>auth type: <%=request.getAuthType()%> </p>
<p>remote user: <%=request.getRemoteUser() %> </p>
<p>principal: <%=request.getUserPrincipal() %></p>
<p>name: <%= (request.getUserPrincipal()!=null)?request.getUserPrincipal().getName():"NO PRINCIPAL" %></p>

       

CGI Variables:

JSP-equivalents to CGI variables: </br>

AUTH_TYPE:       <%= request.getAuthType() %> </br>
CONTENT_LENGTH:  <%= request.getContentLength() %> </br>
CONTENT_TYPE:    <%= request.getContentType() %> </br>
PATH_INFO:       <%= request.getPathInfo() %> </br>
PATH_TRANSLATED: <%= request.getPathTranslated() %> </br>
QUERY_STRING:    <%= request.getQueryString() %> </br>
REMOTE_ADDR:     <%= request.getRemoteAddr() %> </br>
REMOTE_HOST:     <%= request.getRemoteHost() %> </br>
REMOTE_USER:     <%= request.getRemoteUser() %> </br>
REQUEST_METHOD:  <%= request.getMethod() %> </br>
SCRIPT_NAME:     <%= request.getServletPath() %> </br>
SERVER_NAME:     <%= request.getServerName() %> </br>
SERVER_PORT:     <%= request.getServerPort() %> </br>
SERVER_PROTOCOL: <%= request.getProtocol() %> </br>
SERVER_SOFTWARE: <%= getServletContext().getServerInfo() %> </br>
 </br>
Other parameters I'm often interested in: </br>
 </br>
Request URI:          <%= request.getRequestURI() %> </br>
Request URL:          <%= request.getRequestURL() %> </br>
Request Context Path: <%= request.getContextPath() %> </br>
Real Path:            <%= getServletContext().getRealPath("/") %> </br>
       

Request Headers:

        <%  java.util.Enumeration e = request.getHeaderNames();
            while (e.hasMoreElements()) {
                String name = (String)e.nextElement();
                String value = request.getHeader(name); %>
                <%= name %>: <%= value %> <br> <%  } %>


                               

System.getenv()

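<%-- The row output has to sit inside the loop so that key is in scope --%>
<table>
<tr><th>Name</th><th>Value</th></tr>
<%
    Map<String,String> env = System.getenv();
    for (String key : env.keySet()) { %>
<tr><td><%=key%></td><td><%=env.get(key)%></td></tr>
<%  } %>
</table>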


</body>
</html>
---------------------------------------------------------
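
Added example (not part of the original post and not Tomcat code): a small Python check that the loginConfigName on the SpnegoAuthenticator valve resolves to an entry in jaas.conf and that the entry carries the keytab options shown above. The function names are hypothetical, the embedded inputs are abridged copies of the files in the post, the JAAS parser is a simplification that ignores comments, and the option and realm-case checks are this example's own conventions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, abridged copies of the two files from the post.
JAAS_CONF = '''KTEST {
    com.sun.security.auth.module.Krb5LoginModule required
    doNotPrompt=true
    principal="HTTP/papsapex1.jallc.lan@JALLC.LAN"
    useKeyTab=true
    keyTab="/opt/apex/apex_sso.keytab"
    storeKey=true;
};'''
CONTEXT_XML = '''<Context>
  <Valve className="org.apache.catalina.authenticator.SpnegoAuthenticator"
         loginConfigName="KTEST"/>
  <Realm className="org.apache.catalina.realm.JAASRealm"
         allRolesMode="authOnly" appName="KTEST"/>
</Context>'''
# SpnegoAuthenticator's documented default when loginConfigName is not set.
DEFAULT_LOGIN_CONFIG = "com.sun.security.jgss.krb5.accept"

def parse_jaas(text):
    """Return {entry: {option: value}}; simplified parser, no comment handling."""
    entries = {}
    for name, body in re.findall(r'(\S+)\s*\{(.*?)\}\s*;', text, re.S):
        entries[name] = dict(re.findall(r'(\w+)\s*=\s*"?([^"\s;]+)"?', body))
    return entries

def check_spnego_config(jaas_text, context_xml):
    """Hypothetical helper: list mismatches between jaas.conf and the Context."""
    valves = [v for v in ET.fromstring(context_xml).iter("Valve")
              if v.get("className", "").endswith("SpnegoAuthenticator")]
    if not valves:
        return ["no SpnegoAuthenticator valve in the Context"]
    login_name = valves[0].get("loginConfigName", DEFAULT_LOGIN_CONFIG)
    entry = parse_jaas(jaas_text).get(login_name)
    if entry is None:
        return [f"no JAAS entry named {login_name!r}"]
    problems = []
    for opt in ("useKeyTab", "storeKey", "doNotPrompt"):
        if entry.get(opt) != "true":
            problems.append(f"{opt} is not true")
    m = re.fullmatch(r'HTTP/([^@/]+)@(.+)', entry.get("principal", ""))
    if not m:
        problems.append("principal is not of the form HTTP/host@REALM")
    elif m.group(2) != m.group(2).upper():
        problems.append("realm in principal is not upper case")
    if "keyTab" not in entry:
        problems.append("keyTab is missing")
    return problems

if __name__ == "__main__":
    print(check_spnego_config(JAAS_CONF, CONTEXT_XML) or "consistent")
```

An empty list means the two files agree with each other; it says nothing about whether the keytab itself or the Tomcat version is at fault.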