Hi,
We have a test case for the KerberosLoginModule that is working as expected from a few machines.
We were required to adjust some setting in IE 8/9 to get this working properly, but it is working.
A test customer has tried to access the test page using the same settings that is working for us, but he only receives a white page.
We assumed there is something that is still not correct with his IE settings, but we verified them on our end and they work for us.
We looked at the log files and saw a difference which makes us think there may be something else at work.
Here is the log entries of a working Kerberos attempt. The login fails but that is what we expect since the user is anonymous - and is shown different content.
12:23:39,797 DEBUG [LoginManager] [SessionId: DDD0421EC93BDE9195A5DFDD5A59F7E5] Trying to login user using login-package 'Kerberos'...
12:23:39,797 DEBUG [LoginManager] [SessionId: DDD0421EC93BDE9195A5DFDD5A59F7E5] Calling login-module...
12:23:39,797 DEBUG [KerberosLoginModule] login...
12:23:39,797 DEBUG [KerberosLoginModule] received SPNEGO Authorization-Header: Negotiate TlRMT...
12:23:39,797 ERROR [KerberosLoginModule] login failed! Defective token detected (Mechanism level: GSSHeader did not find the right tag)
12:23:39,797 DEBUG [LoginManager] [SessionId: DDD0421EC93BDE9195A5DFDD5A59F7E5] LoginModule done in 0 ms
12:23:39,797 INFO [LoginManager] [SessionId: DDD0421EC93BDE9195A5DFDD5A59F7E5] No user-data available.
12:23:39,797 DEBUG [LoginManager] [SessionId: DDD0421EC93BDE9195A5DFDD5A59F7E5] Loginprocess done in 0 ms
Here is the log entries of the client where he just receives a white screen.
11:48:00,051 DEBUG [LoginManager] [SessionId: 2E5B7529A4AB05FCED5FBAA51902F093] Trying to login user using login-package 'Kerberos'...
11:48:00,051 DEBUG [LoginManager] [SessionId: 2E5B7529A4AB05FCED5FBAA51902F093] Calling login-module...
11:48:00,051 DEBUG [KerberosLoginModule] login...
11:48:00,051 DEBUG [KerberosLoginModule] sending SPNEGO authentication request. WWW-Authenticate: Negotiate
11:48:00,051 DEBUG [AuthorizeTag] [SessionId: 2E5B7529A4AB05FCED5FBAA51902F093] Processing handshake...
11:48:51,205 DEBUG [ManagerBase] Start expire sessions StandardManager at 1341481731205 sessioncount 5
11:48:51,205 DEBUG [ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
What is interesting is that the working attempt has "received SPNEGO Authorization-Header: Negotiate TlRMT..." whereas the non-working attempt has "sending SPNEGO authentication request. WWW-Authenticate: Negotiate".
Can someone provide insight into what the log entries mean from the Kerberos Module? Could it be that the customer needs to do something more to get this working?
Thanks!