Skip to main content

SECJ0118E with form authentication and spnego enabled


Our deployment keeps getting an odd SECJ0118E  exception when authenticating with Form authentication with Mozilla or Chrome browser not configured for Active Directory Domain.

All instructions into WebSphere infocenter for enabling fallback to default authentication were correctly applied.  We noticed that standard WebSphere security tracing (*=info:com.ibm.ws.security.*=all:com.ibm.websphere.security.*=all:com.ibm.websphere.wim.*=all:com.ibm.wsspi.wim.*=all:com.ibm.ws.wim.*=all) 
provided into trace a lot of Kerberos exceptions. 

[30/12/13 17.36.57:246 CET] 0000005e Krb5LoginModu < login() Exit
javax.security.auth.login.FailedLoginException: Errore di login: com.ibm.security.krb5.KrbException, codice di stato: 68
messaggio: Nessuno
at com.ibm.security.jgss.i18n.I18NException.throwFailedLoginException(I18NException.java:30)
at com.ibm.security.auth.module.Krb5LoginModule.a(Krb5LoginModule.java:719)
at com.ibm.security.auth.module.Krb5LoginModule.b(Krb5LoginModule.java:742)


Double checking WebSphere security settings we noticed that Authentication mechanism was mistakenly set to Kerberos and LTPA instead of simple LTPA, as suggested for SPNEGO. 

Reverting back to simple LTPA fixed everything. 

Comments

Popular posts from this blog

Building bitcoin/litecoin on mac os x missing EC.h

For my own fun, I was playing around with bitcoin, to check how the parameters of the cryptocurrencies can be modified.

After recent upgrades to my OS, I could not build any longer the bitcoind. Seems like something changed on that side. Now this command

./configure --with-gui=qt5 --enable-debug
Was sistematically producing 
configure: error: OpenSSL ec header missing

EC is the file for elliptic curve cryptography. I had brew correctly configured, and the header files were all correctly present. After some time spent inspecting the issue, on github I was able to find the solution for this problem. I simply add to export the following
export LDFLAGS=-L/usr/local/opt/openssl/libexport CPPFLAGS=-I/usr/local/opt/openssl/include
There is aksi pull request on bitcoin for that, I hope I could save you some timehttps://github.com/bitcoin/bitcoin/pull/6885/files?diff=split&unchanged=expanded