IE not working properly

Apr 12, 2010 at 11:43 PM

Ok....My company is embarking on SSO.  We have an application sitting on a Tomcat 5.5 server that can SSO if we can get the username.  Without web server authentication turned on, the request.getRemoteUser call returns null.  So we are attempting to turn on seamless authentication to our Tomcat web server.  We have tried several products, some that support NTLM, some that support Kerberos, now to this one that supports both.  We are consistently getting problems across the board, but our problem today relates to this tool and IE 8.  When I connect to my server using the example app in Chrome, it immediately comes up and works, no prompting of any sort.  If I try the same thing with IE it prompts for user ID and password....if I provide it, it doesn't seem to like my answer and prompts again...a total of 3 times before telling me that I need to authenticate.  I have the NegoServer log turned to verbose and its contents for that session are below.  Your time is appreciated.

Server Verbose: 0 : Current Directory: E:\Negoserver

    DateTime=2010-04-12T22:42:52.5636938Z

Server Verbose: 46828 : To a new request with a new connection TCP

    DateTime=2010-04-12T22:42:59.8294583Z

Server Verbose: 46828 : Before TranslationOrAuthenticate

    DateTime=2010-04-12T22:42:59.8294583Z

State Verbose: 46828 : Buf len : 1

    DateTime=2010-04-12T22:42:59.8294583Z

State Verbose: 46828 : Buf offset 0

    DateTime=2010-04-12T22:42:59.8294583Z

State Verbose: 46828 : Buf remaining 1

    DateTime=2010-04-12T22:42:59.8294583Z

Server Verbose: 46828 : In TranslationOrAuthenticate

    DateTime=2010-04-12T22:42:59.8763342Z

Server Verbose: 46828 : Buffer.length1

    DateTime=2010-04-12T22:42:59.8763342Z

Server Verbose: 46828 : ConnectionType.Authentication

    DateTime=2010-04-12T22:42:59.8763342Z

AsynchronousAuthenticatingTcpListener Verbose: 46828 : NOT onlykerberos

    DateTime=2010-04-12T22:42:59.8763342Z

AsynchronousAuthenticatingTcpListener Verbose: 46828 : Ending authentication.

    DateTime=2010-04-12T22:43:18.0173075Z

ClientState Verbose: 46828 : Authentication failed because the remote party has closed the transport stream.    at System.Net.Security.NegoState.EndProcessAuthentication(IAsyncResult result)

   at System.Net.Security.NegotiateStream.EndAuthenticateAsServer(IAsyncResult asyncResult)

   at httpToNegotiateStream.AsynchronousAuthenticatingTcpListener.EndAuthenticate(IAsyncResult ar)

    DateTime=2010-04-12T22:43:18.0329328Z

ClientState Verbose: 46828 : Authenticatde stream closed

    DateTime=2010-04-12T22:43:18.0329328Z

ClientState Verbose: 46828 : Connection closed

    DateTime=2010-04-12T22:43:18.0329328Z

Coordinator
Apr 16, 2010 at 9:55 PM

Hello,

Is tomcat running on Windows or unix? On Windows, Negoserver and tomcat must be running on the same server. What is the name of the server used in the request?

Can you send me the file catalina.log?

1) First, open the file conf/logging.properties and add at the end of this file:

fr.doume.level = FINE

2) Then, in the same file, change the configuration of the catalina handler. You must have:

1catalina.org.apache.juli.FileHandler.level = FINE

3) Uncomment the valve RequestDumperValve in the file conf/server.xml:

      <!-- -->
      <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
      <!-- -->


Dominique Guerin

Coordinator
Apr 17, 2010 at 5:26 AM
Edited Apr 19, 2010 at 4:22 PM

Hello,

You use tomcat 55, so:

1) Copy the directory trunk-tcp-20022010/example/authbysspiv2 to the directory /webapps of tomcat.

2) Copy the file trunk-tcp-20022010/jar/tomcat55/frdoumesspitc5v2.jar (NOT frdoumesspitc6v2.jar) to the directory /server/lib of tomcat.

3) Copy the file trunk-tcp-20022010/example/logging.properties to the directory /conf of tomcat.

4) Remove the logs and restart tomcat. To test, it is better to launch IE on another computer.

Dominique Guerin
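
For reading a NegoServer verbose trace like the one in the first post, here is an added example (not part of the original thread and not NegoServer's own code). It pairs each trace header with its DateTime line and reports failed handshakes per connection id. The sample lines are copied from that log; the function names are hypothetical.

```python
import re
from datetime import datetime, timezone

# Sample lines copied from the verbose log in the first post (shortened).
SAMPLE = """\
Server Verbose: 46828 : To a new request with a new connection TCP
    DateTime=2010-04-12T22:42:59.8294583Z
Server Verbose: 46828 : ConnectionType.Authentication
    DateTime=2010-04-12T22:42:59.8763342Z
AsynchronousAuthenticatingTcpListener Verbose: 46828 : Ending authentication.
    DateTime=2010-04-12T22:43:18.0173075Z
ClientState Verbose: 46828 : Authentication failed because the remote party has closed the transport stream.    at System.Net.Security.NegoState.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.NegotiateStream.EndAuthenticateAsServer(IAsyncResult asyncResult)
    DateTime=2010-04-12T22:43:18.0329328Z
"""

HEADER = re.compile(r"^(\w+) (\w+): (\d+) : (.*)$")
STAMP = re.compile(r"^\s*DateTime=(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.(\d+)Z\s*$")

def parse_events(text):
    """Pair each 'Source Level: id : message' header with its DateTime line."""
    events, current = [], None
    for line in text.splitlines():
        head, stamp = HEADER.match(line), STAMP.match(line)
        if head:
            current = {"source": head[1], "conn": int(head[3]), "msg": head[4]}
        elif stamp and current:
            when = datetime.strptime(stamp[1], "%Y-%m-%dT%H:%M:%S")
            # The trace carries 7 fractional digits; datetime keeps 6.
            micro = int(stamp[2][:6].ljust(6, "0"))
            current["time"] = when.replace(microsecond=micro, tzinfo=timezone.utc)
            events.append(current)
            current = None
        # Anything else (blank lines, "   at ..." stack frames) is skipped.
    return events

def failed_handshakes(events):
    """Per connection id: failure reason and seconds from first event to failure."""
    first_seen, failures = {}, []
    for ev in events:
        first_seen.setdefault(ev["conn"], ev["time"])
        if ev["msg"].startswith("Authentication failed"):
            reason = ev["msg"].split("    at ")[0].strip()
            waited = (ev["time"] - first_seen[ev["conn"]]).total_seconds()
            failures.append((ev["conn"], reason, round(waited, 3)))
    return failures

if __name__ == "__main__":
    for conn, reason, waited in failed_handshakes(parse_events(SAMPLE)):
        print(f"conn {conn}: {reason} ({waited}s after connect)")
```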