Kerb not working on Win Server 2008 R2 on non-IP URL

Aug 23, 2013 at 5:51 PM
Please see my output below for working/non-working use cases using IE.
In the working side, I'm using an IP in the URL vs. the Name.
Also I thought it was going to authenticate with kerb, not NTLM.

Working output from log using the IP in IE with the following URL:
(https://192.168.14.106/authbysspi/index.jsp)

FINE: authentication SPNEGO: remote address: 192.168.17.97
Aug 23, 2013 11:59:35 AM fr.doume.authenticator.SSPAuthenticator getHeaderAuthorizationAndSetWWW_Authenticate
FINE: Token received from the client: Negotiate (note: i stripped token out here)
Aug 23, 2013 11:59:35 AM fr.doume.authenticator.SSPAuthenticator broie
FINE: Authorization != null && Authorization starts With NEGOTIATE
Aug 23, 2013 11:59:35 AM fr.doume.base64.Base64 decodeFrom64
FINE: count of received bytes 56
Aug 23, 2013 11:59:35 AM fr.doume.base64.Base64 decodeFrom64
FINE: count of received bytes after verification 56
Aug 23, 2013 11:59:35 AM fr.doume.base64.Base64 decodeFrom64
FINE: Count of 4-tuples : 14
Aug 23, 2013 11:59:35 AM fr.doume.base64.Base64 decodeFrom64
FINE: length_base255 : (Count of bytes after the translation)40
Aug 23, 2013 11:59:35 AM fr.doume.authenticator.SSPAuthenticator broieoctets
FINE: before sspauth.acceptSecContext
Aug 23, 2013 11:59:35 AM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: Count of sids given by TraduireNomsEnSids : 3
Aug 23, 2013 11:59:35 AM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: Count of null sids ( Tomcat's roles that are not AD groups) : 1
Aug 23, 2013 11:59:35 AM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: before AcceptSecContext (native code)
Aug 23, 2013 11:59:35 AM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: hCredential (handle Windows Server credential): 0 0
Aug 23, 2013 11:59:35 AM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: hContext (handle windows Context GSSapi/SSPI between the client and the server): 0 0
Aug 23, 2013 11:59:35 AM fr.doume.authenticator.SSPAuthenticator broieoctets
FINE: Another cycle initSecContext/acceptSecContext is required
Aug 23, 2013 11:59:35 AM fr.doume.authenticator.SSPAuthenticator getHeaderAuthorizationAndSetWWW_Authenticate
FINE: Sending response token: Negotiate (note: i stripped token out here)
Aug 23, 2013 11:59:35 AM fr.doume.authenticator.SSPAuthenticator authenticate
FINE: Authentication is neither failed nor established: Another round between the client and the server is required
Aug 23, 2013 11:59:35 AM fr.doume.authenticator.SSPAuthenticator setSSPAuthentificationInSession
FINE: The istance of SSPAuthentication added in the session
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator authenticate
FINE: Entry in authenticate: Principal does not exist and authentication is required
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator authenticate
FINE: realm : Realm[WindowsRealm]
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator appelTraduire
FINE: get the TraductionNomsEnSids from the context's dictionnary
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator authenticate
FINE: before getSSPAuthentification
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator getHeaderAuthorizationAndSetWWW_Authenticate
FINE: authentication SPNEGO: remote address: 192.168.17.97
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator getHeaderAuthorizationAndSetWWW_Authenticate
FINE: Token received from the client: Negotiate (note: i stripped token out here)
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator broie
FINE: Authorization != null && Authorization starts With NEGOTIATE
Aug 23, 2013 11:59:37 AM fr.doume.base64.Base64 decodeFrom64
FINE: count of received bytes 740
Aug 23, 2013 11:59:37 AM fr.doume.base64.Base64 decodeFrom64
FINE: count of received bytes after verification 740
Aug 23, 2013 11:59:37 AM fr.doume.base64.Base64 decodeFrom64
FINE: Count of 4-tuples : 185
Aug 23, 2013 11:59:37 AM fr.doume.base64.Base64 decodeFrom64
FINE: length_base255 : (Count of bytes after the translation)554
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator broieoctets
FINE: before sspauth.acceptSecContext
Aug 23, 2013 11:59:37 AM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: before AcceptSecContext (native code)
Aug 23, 2013 11:59:37 AM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: hCredential (handle Windows Server credential): 3382080 3343016
Aug 23, 2013 11:59:37 AM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: hContext (handle windows Context GSSapi/SSPI between the client and the server): 3382120 3344104
Aug 23, 2013 11:59:37 AM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: group number 0 = 1 (1 if in the access token, otherwise 0)
Aug 23, 2013 11:59:37 AM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: group number 1 = 1 (1 if in the access token, otherwise 0)
Aug 23, 2013 11:59:37 AM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: group number 2 = 0 (1 if in the access token, otherwise 0)
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator broieoctets
FINE: Authenticated user : NTE\my.user
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator broieoctets
FINE: Security Service Provider Interface used : NTLM
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator getHeaderAuthorizationAndSetWWW_Authenticate
FINE: Sending response token: Negotiate
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator RemoveSSPAuthentificationFromSession
FINE: The istance of SSPAuthentication is no more in the session
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator authenticate
FINE: Authentication is established
Aug 23, 2013 11:59:37 AM fr.doume.authenticator.SSPAuthenticator authenticate
FINE: the client is now registered

Non-Working output from log using the Name in IE with the following URL:
(https://tomcat.test.org/authbysspi/index.jsp)

FINE: authentication SPNEGO: remote address: 192.168.17.97
Aug 23, 2013 12:01:21 PM fr.doume.authenticator.SSPAuthenticator getHeaderAuthorizationAndSetWWW_Authenticate
FINE: Token received from the client: Negotiate (note: i stripped token out here)
Aug 23, 2013 12:01:21 PM fr.doume.authenticator.SSPAuthenticator authenticate
FINE: Authentication is neither failed nor established: Another round between the client and the server is required
Aug 23, 2013 12:01:21 PM fr.doume.authenticator.SSPAuthenticator setSSPAuthentificationInSession
FINE: The istance of SSPAuthentication added in the session
Aug 23, 2013 12:01:27 PM fr.doume.authenticator.SSPAuthenticator authenticate
FINE: Entry in authenticate: Principal does not exist and authentication is required
Aug 23, 2013 12:01:27 PM fr.doume.authenticator.SSPAuthenticator authenticate
FINE: realm : Realm[WindowsRealm]
Aug 23, 2013 12:01:27 PM fr.doume.authenticator.SSPAuthenticator appelTraduire
FINE: get the TraductionNomsEnSids from the context's dictionnary
Aug 23, 2013 12:01:27 PM fr.doume.authenticator.SSPAuthenticator authenticate
FINE: before getSSPAuthentification
Aug 23, 2013 12:01:27 PM fr.doume.authenticator.SSPAuthenticator getHeaderAuthorizationAndSetWWW_Authenticate
FINE: authentication SPNEGO: remote address: 192.168.17.97
Aug 23, 2013 12:01:27 PM fr.doume.authenticator.SSPAuthenticator getHeaderAuthorizationAndSetWWW_Authenticate
FINE: Token received from the client: Negotiate (note: i stripped token out here)
Aug 23, 2013 12:01:27 PM fr.doume.authenticator.SSPAuthenticator broie
FINE: Authorization != null && Authorization starts With NEGOTIATE
Aug 23, 2013 12:01:27 PM fr.doume.base64.Base64 decodeFrom64
FINE: count of received bytes 3124
Aug 23, 2013 12:01:27 PM fr.doume.base64.Base64 decodeFrom64
FINE: count of received bytes after verification 3124
Aug 23, 2013 12:01:27 PM fr.doume.base64.Base64 decodeFrom64
FINE: Count of 4-tuples : 781
Aug 23, 2013 12:01:27 PM fr.doume.base64.Base64 decodeFrom64
FINE: length_base255 : (Count of bytes after the translation)2341
Aug 23, 2013 12:01:27 PM fr.doume.authenticator.SSPAuthenticator broieoctets
FINE: before sspauth.acceptSecContext
Aug 23, 2013 12:01:27 PM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: before AcceptSecContext (native code)
Aug 23, 2013 12:01:27 PM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: hCredential (handle Windows Server credential): 3305880 3343016
Aug 23, 2013 12:01:27 PM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: hContext (handle windows Context GSSapi/SSPI between the client and the server): 3382080 3343016
Aug 23, 2013 12:01:27 PM fr.doume.sspi.SSPAuthentification acceptSecContext
FINE: Error in AcceptSecContext : AcceptSecurityContext : The token passed to the function is invalid.
Aug 23, 2013 12:01:27 PM fr.doume.authenticator.SSPAuthenticator broieoctets
FINE: SSPIAuthentication : AcceptSecurityContext : The token passed to the function is invalid.
Aug 23, 2013 12:01:27 PM fr.doume.authenticator.SSPAuthenticator broieoctets
FINE: array of bytes sent by acceptSecContext (SSPI server) is null
Aug 23, 2013 12:01:27 PM fr.doume.authenticator.SSPAuthenticator broie
FINE: The array of bytes sent by SSPI == null
Aug 23, 2013 12:01:27 PM fr.doume.authenticator.SSPAuthenticator RemoveSSPAuthentificationFromSession
FINE: The istance of SSPAuthentication is no more in the session
Aug 23, 2013 12:01:27 PM fr.doume.authenticator.SSPAuthenticator authenticate
FINE: authentication is failed