Uploaded image for project: 'Teiid'
  1. Teiid
  2. TEIID-4499

OData Kerberos cannot access VDB

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 9.0.5, 9.1.1, 8.12.8.6_3, 9.2
    • 8.12.6.6_3
    • OData
    • None

    Description

      When configured odata war for Kerberos using https://teiid.gitbooks.io/documents/content/security/Kerberos_support_through_GSSAPI.html an error occurs when accessing a vdb, which is also secured by Kerberos.
      The error is following:

      Unable to find source-code formatter for language: plain. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      11:44:53,360 WARN  [org.teiid.ODATA] (http-127.0.0.1:8080-1) TEIID16047 Could not process OData 4 request: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.: org.teiid.core.TeiidProcessingException: 08001 TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
	at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:233) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
	at org.teiid.olingo.web.ODataFilter.doFilter(ODataFilter.java:100) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:231) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
	at org.jboss.security.negotiation.NegotiationAuthenticator$WrapperValve.invoke(NegotiationAuthenticator.java:492) [jboss-negotiation-common-2.3.11.Final-redhat-1.jar:2.3.11.Final-redhat-1]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:512) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
	at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169) [jboss-as-web-7.5.9.Final-redhat-2.jar:7.5.9.Final-redhat-2]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:150) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:344) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:854) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:926) [jbossweb-7.5.17.Final-redhat-1.jar:7.5.17.Final-redhat-1]
	at java.lang.Thread.run(Thread.java:745) [rt.jar:1.8.0_102]
Caused by: org.teiid.jdbc.TeiidSQLException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
	at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:135)
	at org.teiid.jdbc.TeiidSQLException.create(TeiidSQLException.java:71)
	at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:55)
	at org.teiid.jdbc.TeiidDriver.connect(TeiidDriver.java:105)
	at org.teiid.olingo.service.LocalClient.buildConnection(LocalClient.java:119) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
	at org.teiid.olingo.service.LocalClient.open(LocalClient.java:89) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
	at org.teiid.olingo.web.ODataFilter.internalDoFilter(ODataFilter.java:226) [teiid-olingo-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
	... 16 more
Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
	at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:308) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
	at org.teiid.jdbc.ModuleHelper.createFromModule(ModuleHelper.java:53)
	at org.teiid.jdbc.EmbeddedProfile.createServerConnection(EmbeddedProfile.java:60)
	at org.teiid.jdbc.EmbeddedProfile.connect(EmbeddedProfile.java:50)
	... 20 more
Caused by: org.teiid.core.TeiidException: TEIID40055 org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
	at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:345) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
	at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:306) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
	... 23 more
Caused by: org.teiid.net.ConnectionException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
	at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:146)
	at org.teiid.transport.LocalServerConnection.<init>(LocalServerConnection.java:106)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.8.0_102]
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [rt.jar:1.8.0_102]
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.8.0_102]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423) [rt.jar:1.8.0_102]
	at org.teiid.core.util.ReflectionHelper.create(ReflectionHelper.java:343) [teiid-common-core-8.12.6.6_3-redhat-1.jar:8.12.6.6_3-redhat-1]
	... 24 more
Caused by: org.teiid.client.security.LogonException: TEIID40055 Wrong logon method is being used. Server is not set up for GSS based authentication.
	at org.teiid.transport.LogonImpl.logon(LogonImpl.java:119)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.8.0_102]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) [rt.jar:1.8.0_102]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.8.0_102]
	at java.lang.reflect.Method.invoke(Method.java:498) [rt.jar:1.8.0_102]
	at org.teiid.transport.LocalServerConnection$1$1.call(LocalServerConnection.java:180)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266) [rt.jar:1.8.0_102]
	at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:276)
	at org.teiid.dqp.internal.process.DQPWorkContext.runInContext(DQPWorkContext.java:260)
	at org.teiid.transport.LocalServerConnection$1.invoke(LocalServerConnection.java:178)
	at com.sun.proxy.$Proxy81.logon(Unknown Source)
	at org.teiid.transport.LocalServerConnection.authenticate(LocalServerConnection.java:142)
	... 30 more

      Authentication of the user succeeded:

      Unable to find source-code formatter for language: plain. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      principal is dv@EXAMPLE.COM
Will use keytab
Commit Succeeded

      Authentication of the server succeeded:

      Unable to find source-code formatter for language: plain. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      11:44:52,873 INFO  [stdout] (http-127.0.0.1:8080-1) Acquire TGT from Cache
11:44:52,874 INFO  [stdout] (http-127.0.0.1:8080-1) Principal is HTTP/localhost@EXAMPLE.COM
11:44:52,874 INFO  [stdout] (http-127.0.0.1:8080-1) null credentials from Ticket Cache
11:44:53,234 INFO  [stdout] (http-127.0.0.1:8080-1) principal is HTTP/localhost@EXAMPLE.COM
11:44:53,234 INFO  [stdout] (http-127.0.0.1:8080-1) Will use keytab
11:44:53,236 INFO  [stdout] (http-127.0.0.1:8080-1) Commit Succeeded

      Initial request:

      Unable to find source-code formatter for language: plain. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      12:44:52,325 DEBUG [MainClientExec] Opening connection {}->http://localhost:8080
12:44:52,327 DEBUG [DefaultHttpClientConnectionOperator] Connecting to localhost/127.0.0.1:8080
12:44:52,328 DEBUG [DefaultHttpClientConnectionOperator] Connection established 127.0.0.1:47980<->127.0.0.1:8080
12:44:52,328 DEBUG [MainClientExec] Executing request GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
12:44:52,328 DEBUG [MainClientExec] Target auth state: UNCHALLENGED
12:44:52,329 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
12:44:52,330 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
12:44:52,330 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
12:44:52,330 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
12:44:52,330 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
12:44:52,330 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
12:44:52,330 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
12:44:52,330 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
12:44:52,331 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
12:44:52,331 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
12:44:52,331 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"

      Negotiate request from server:

      Unable to find source-code formatter for language: plain. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      12:44:52,457 DEBUG [wire] http-outgoing-0 << "HTTP/1.1 401 Unauthorized[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Server: Apache-Coyote/1.1[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Pragma: No-cache[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Cache-Control: no-cache[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "WWW-Authenticate: Negotiate[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Type: text/html;charset=utf-8[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Content-Length: 996[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "Date: Mon, 10 Oct 2016 10:44:52 GMT[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "[\r][\n]"
12:44:52,457 DEBUG [wire] http-outgoing-0 << "<html><head><title>JBWEB000065: HTTP Status 401 - </title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>JBWEB000065: HTTP Status 401 - </h1><HR size="1" noshade="noshade"><p><b>JBWEB000309: type</b> JBWEB000067: Status report</p><p><b>JBWEB000068: message</b> <u></u></p><p><b>JBWEB000069: description</b> <u>JBWEB000121: This request requires HTTP authentication.</u></p><HR size="1" noshade="noshade"></body></html>"
12:44:52,459 DEBUG [headers] http-outgoing-0 << HTTP/1.1 401 Unauthorized
12:44:52,459 DEBUG [headers] http-outgoing-0 << Server: Apache-Coyote/1.1
12:44:52,459 DEBUG [headers] http-outgoing-0 << Pragma: No-cache
12:44:52,460 DEBUG [headers] http-outgoing-0 << Cache-Control: no-cache
12:44:52,460 DEBUG [headers] http-outgoing-0 << Expires: Thu, 01 Jan 1970 01:00:00 GMT+01:00
12:44:52,460 DEBUG [headers] http-outgoing-0 << WWW-Authenticate: Negotiate
12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Type: text/html;charset=utf-8
12:44:52,460 DEBUG [headers] http-outgoing-0 << Content-Length: 996
12:44:52,460 DEBUG [headers] http-outgoing-0 << Date: Mon, 10 Oct 2016 10:44:52 GMT

      Response to auth server:

      Unable to find source-code formatter for language: plain. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      Found ticket for dv@EXAMPLE.COM to go to krbtgt/EXAMPLE.COM@EXAMPLE.COM expiring on Mon Oct 10 20:44:52 CEST 2016
Entered Krb5Context.initSecContext with state=STATE_NEW
Service ticket not found in the subject
12:44:52,846 DEBUG [SPNegoScheme] Sending response 'YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp' back to the auth server
12:44:52,846 DEBUG [MainClientExec] Proxy auth state: UNCHALLENGED
12:44:52,846 DEBUG [headers] http-outgoing-0 >> GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1
12:44:52,846 DEBUG [headers] http-outgoing-0 >> Host: localhost:8080
12:44:52,846 DEBUG [headers] http-outgoing-0 >> Connection: Keep-Alive
12:44:52,846 DEBUG [headers] http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)
12:44:52,846 DEBUG [headers] http-outgoing-0 >> Accept-Encoding: gzip,deflate
12:44:52,846 DEBUG [headers] http-outgoing-0 >> Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp
12:44:52,846 DEBUG [wire] http-outgoing-0 >> "GET /odata4/kerberos_teiid/BQT1/smalla HTTP/1.1[\r][\n]"
12:44:52,846 DEBUG [wire] http-outgoing-0 >> "Host: localhost:8080[\r][\n]"
12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Connection: Keep-Alive[\r][\n]"
12:44:52,847 DEBUG [wire] http-outgoing-0 >> "User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_51)[\r][\n]"
12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Accept-Encoding: gzip,deflate[\r][\n]"
12:44:52,847 DEBUG [wire] http-outgoing-0 >> "Authorization: Negotiate YIIEjgYGKwYBBQUCoIIEgjCCBH6gDTALBgkqhkiG9xIBAgKhBAMCAfaiggRlBIIEYWCCBF0GCSqGSIb3EgECAgEAboIETDCCBEigAwIBBaEDAgEOogcDBQAgAAAAo4IBBmGCAQIwgf+gAwIBBaEbGxlNVy5MQUIuRU5HLkJPUy5SRURIQVQuQ09NohwwGqADAgEAoRMwERsESFRUUBsJbG9jYWxob3N0o4G8MIG5oAMCARGhAwIBBKKBrASBqdJuL2wF7+W0MD1qISt66VAyhitq77SR6vLKWJnpc/Yx60ch80GepVlYdoYxee0qW+d4u6aw3p0BaOWSgSMRoDnr9bSUn+tQXNevIfKE+oUM+5lC4afhAF0PB4dcJC7z6/wLZ9drDImvyhntm9lq/yv5LW76gSbVd9SjO58ZvD3cYRJnuF3CaFhm5ol0ce84ojZdX5mVvVBUU3+Vo1rh6SSEKda+xoBkK/ykggMnMIIDI6ADAgERooIDGgSCAxaG8huKFUf6vR0wVfeI1caKfIPtGC9rDSw5DYTz1dz43F8GI9we3YG9NC6kEi1zPdA4A2dxfBqgUl+/YkBdQco4udBCwLXNmziHCS5ypypBJsFdgFzRi/9hXukmqofSGIlKVJWH3ap1ap+37Amfm6LxZuQFDyY526onGXdWoAB0Jbcpsi74Ti5x3sRGZqoF5FTwUqI0pQYI+hLDh2GeBNXBNOHqdMXNfnLFOr+LpnNhl7ROxkWsBxNPv/4MmRLPsF/cGrc924L6R4PQvP7qVjGKUxayEoBPP/go5xb2b2z+TjruspzbJ5dw1wKAOH2RGlDJ5om0PUSqaxe0h2WhL9rXBOGVONTSv7lYQ2pcgaOqR6FutB5PZGP0B73ekwhbRfrt6zxLpHzZFnrSeV9lz1U4r8Bkyxuze3cuQGcL/cNTBbhE83cbNY8VJlu4E+6LmZ9ll3vpjNq3735S6gFArsOJ38FcLO0Kqj1rZr7/r9TRsV9f8agDnWusc5lQzZc+4H0BIeAPD34ApJxGogA63/8yF1Pl3uc1Rp+a6blQHLLCRZthIpi8LVF8rSizTkTDWUrTw+X5wGDunjslrUmClW25qzGeLTZpELrJXkKFstUnL4blaPboyPk8qDecaRed+dIjteVS9CgF51AtHrO9vhWgrr41TL+H8akHfjI6Q9GIgravWLSkNrVMsrNyVAlc1hdUAovLXJFfxS3Mg0OugjG3rJhSCiQqLCuhIRL8OB4Fz4Pa24fpBG0G/Rv1RrhuQaKoxNsZxuR67zzF+v7+4PRKK39y0cqFWBf95YV4SWz7qzXmZYcaDcVhrFzp723ecWunVa6Qt5YUZ3+pkKV+NGGb95PjS7HtvXZo4ko5tJX1QI+ke4I3j3cThrWlV5y3rNC2IKiE8eRNI6rKRGdvpYLwkL0B5AkJleqGjdiqZVy6Q2w/YdHN2oTOs8qUgIVgPHJMyRLUTT872ZOWdmmHWJuIe3sVkr1RLFDV2csmYggSZCbjCczFvlmKrcn6OLqVRGN3sNm6a9Q45wZimLvIkxePHag3vvtp[\r][\n]"
12:44:52,847 DEBUG [wire] http-outgoing-0 >> "[\r][\n]"

      Last server logs before error:

      Unable to find source-code formatter for language: plain. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      11:44:53,246 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Logged in 'host' LoginContext
11:44:53,247 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Creating new GSSContext.
11:44:53,283 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getCredDelegState() = true
11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getMutualAuthState() = true
11:44:53,284 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) context.getSrcName() = dv@EXAMPLE.COM
11:44:53,284 INFO  [stdout] (http-127.0.0.1:8080-1) 		[Krb5LoginModule]: Entering logout
11:44:53,285 INFO  [stdout] (http-127.0.0.1:8080-1) 		[Krb5LoginModule]: logged out Subject
11:44:53,285 DEBUG [org.jboss.security.auth.spi.AbstractServerLoginModule] (http-127.0.0.1:8080-1) Storing username 'dv@EXAMPLE.COM' and empty password
11:44:53,304 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-127.0.0.1:8080-1) authenticated principal = GenericPrincipal[5tV-f1mRV7tGghx2rk4krdFH_1476096292858(odata,user,)]

      VDB used:

      <vdb name="kerberos_teiid" version="1">
	<property name="security-domain" value="EXAMPLE.COM"/>
	<property name="authentication-type" value="GSS"/>
.
.
.
</vdb>

      Request URL:

      Unable to find source-code formatter for language: plain. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      http://localhost:8080/odata4/kerberos_teiid/BQT1/smalla

      Server configuration:

      <security-domain name="host">
    <authentication>
        <login-module code="Kerberos" flag="required" module="org.jboss.security.negotiation">
            <module-option name="storeKey" value="true"/>
            <module-option name="useKeyTab" value="true"/>
            <module-option name="keyTab" value="${jboss.home.dir}/HTTP_localhost"/>
            <module-option name="principal" value="HTTP/localhost@EXAMPLE.COM"/>
            <module-option name="doNotPrompt" value="true"/>
            <module-option name="useTicketCache" value="true"/>
            <module-option name="debug" value="true"/>
            <module-option name="refreshKrb5Config" value="false"/>
            <module-option name="isInitiator" value="true"/>
            <module-option name="addGSSCredential" value="true"/>
            <module-option name="delegationCredential" value="USE"/>
            <module-option name="ticketCache" value="/tmp/krb5cc_1000"/>
        </login-module>
    </authentication>
</security-domain>
<security-domain name="EXAMPLE.COM">
    <authentication>
        <login-module code="SPNEGO" flag="requisite" module="org.jboss.security.negotiation">
            <module-option name="password-stacking" value="useFirstPass"/>
            <module-option name="serverSecurityDomain" value="host"/>
        </login-module>
    </authentication>
    <mapping>
        <mapping-module code="SimpleRoles" type="role">
            <module-option name="dv@EXAMPLE.COM" value="user,odata"/>
        </mapping-module>
    </mapping>
</security-domain>

      Kerberos client configuration:

      Unable to find source-code formatter for language: plain. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml
      ClientDV {
  com.sun.security.auth.module.Krb5LoginModule required
  storeKey="true"
  useKeyTab="true"
  keyTab="${dv.test.krb.dir}/dv.keytab"
  principal="dv@EXAMPLE.COM"
  doNotPrompt="true"
  refreshKrb5Config="false"
  useTicketCache="true"
  ticketCache="/tmp/krb5cc_1000"
  debug="true";
};

      KRB5 configuration file is passed to server by setting system-property java.security.krb5.conf:

          <system-properties>
        <property name="java.security.krb5.conf" value="${jboss.home.dir}/krb5.conf"/>
        <property name="java.security.krb5.debug" value="true"/>
    </system-properties>

      Attachments

        Activity

          People

            rhn-engineering-shawkins Steven Hawkins
            jstastny@redhat.com Jan Stastny
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: