-
Bug
-
Resolution: Unresolved
-
Major
-
4.0.0
-
None
I tried to configure a user population with two diffrents ldap and two differents Kerberos.
If the first Kerberos luckily authenticate someone from the first ldap, its fine, otherwise, I keep getting this exception :
ERROR [sitemap.handled-errors] (http-nio-8081-exec-1;/_authenticate) Sitemap: error when calling sub-sitemap at <map:mount> - resource://org/ametys/runtime/kernel/sitemap.xmap:181:109 org.apache.cocoon.ProcessingException: Sitemap: error when calling sub-sitemap at <map:mount> - resource://org/ametys/runtime/kernel/sitemap.xmap:181:109 ... Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:856) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:906) at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:556) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) at org.ametys.plugins.core.impl.authentication.KerberosCredentialProvider.nonBlockingGetUserIdentity(KerberosCredentialProvider.java:233) at org.ametys.core.authentication.CredentialProvider.getUserIdentity(CredentialProvider.java:126) at org.ametys.core.authentication.AuthenticateAction._doProcess(AuthenticateAction.java:555) at org.ametys.core.authentication.AuthenticateAction._process(AuthenticateAction.java:523) at org.ametys.core.authentication.AuthenticateAction.act(AuthenticateAction.java:187) at org.apache.cocoon.components.treeprocessor.sitemap.ActTypeNode.invoke(ActTypeNode.java:120) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:47) at org.apache.cocoon.components.treeprocessor.sitemap.MatchNode.invoke(MatchNode.java:108) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:47) at org.apache.cocoon.components.treeprocessor.sitemap.ActTypeNode.invoke(ActTypeNode.java:139) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:47) at org.apache.cocoon.components.treeprocessor.sitemap.MatchNode.invoke(MatchNode.java:108) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69) at org.apache.cocoon.components.treeprocessor.sitemap.PipelineNode.invoke(PipelineNode.java:143) at org.apache.cocoon.components.treeprocessor.AbstractParentProcessingNode.invokeNodes(AbstractParentProcessingNode.java:69) at org.apache.cocoon.components.treeprocessor.sitemap.PipelinesNode.invoke(PipelinesNode.java:93) at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:236) at org.apache.cocoon.components.treeprocessor.ConcreteTreeProcessor.process(ConcreteTreeProcessor.java:178) at org.apache.cocoon.components.treeprocessor.TreeProcessor.process(TreeProcessor.java:254) at org.apache.cocoon.components.treeprocessor.sitemap.MountNode.invoke(MountNode.java:118) ... 32 more Caused by: KrbException: Checksum failed at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:102) at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:94) at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:175) at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:281) at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:149) at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829) ... 58 more Caused by: java.security.GeneralSecurityException: Checksum failed at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:408) at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:91) at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:100) ... 64 more
