AnsweredAssumed Answered

[SOLVED] Simple SSO Kerberos Authentication anyone?

Question asked by wuff on Jan 15, 2009
Latest reply on Jan 19, 2009 by meansartin14
I'm trying for some days to get the authentication with Kerberos to work with labs 3.0c on W2K3-Server.

Does anybody in the whole world have a running installation like this?

Nothing about CIFS-Access, or other configuration tasks - at the moment i would just like to be able to connect to Webclient using GSS Kerberos.

Following the instructions at http://wiki.alfresco.com/wiki/Configuring_the_CIFS_and_web_servers_for_Kerberos/AD_integration just didn't work.

During the last few days i tried to get this working, running from error to error.

I created serviceprincipals using ktutil and mapping them with adsiedit, adding other enc-types to the keytabs, trying to vary serviceaccountnames in AD (found this: http://forums.sun.com/thread.jspa?threadID=5192047) and so on.. and didn't have any access.

There are 3 errors which i can't solve:

When starting the server: CIFS Kerberos authenticator error (initially: KrbException: Identifier doesn't match expected value)

But, server is up after that, so i tried to access Webclient, getting this error message:
GSSException: No valid credentials provided (Mechanism Level: Failed to find any Kerberos Key)

This causes SPNEGO to fail, but entering username, pass and domain seems to grant access. This is followed by the last error, also shown in Browser:
ArraIndexOutOfBoundsException: End of data buffer, thrown from org.alfresco.jlan.server.auth.asn.DERBuffer.unpackBytes, line 195

So.. if anybody has a sample config or a solution for these errors, help would be very much appriciated, otherwise i have to give up.

thanks in advance,

Wuff

Outcomes