Details

      Description

      FULL PRODUCT VERSION :
      java version "1.8.0_71"
      Java(TM) SE Runtime Environment (build 1.8.0_71-b15)
      Java HotSpot(TM) Client VM (build 25.71-b15, mixed mode)

      ADDITIONAL OS VERSION INFORMATION :
      Windows

      A DESCRIPTION OF THE PROBLEM :
      A well-known problem with performing Single Sign On (SSO) in a Java client against a SPNEGO server is that the method acquireDefaultNativeCreds in class sun.security.krb5.Credentials is unable to retrieve native Kerberos credentials.

      This happens because Windows won't handle the encryptionKey and then the code in sun/security/krb5/NativeCreds.c will abort the credentials retrieval.

      I'm not a security expert, but I wonder if this key is really always necessary to perform SSO. Isn't it the case that, for authentication purposes, Credentials with a null encryptionKey are OK?!?

      Isn't the default Java SPNEGO client implementation unnecessarily hampered? Why should browsers (Chrome/Firefox/IE) be able to perform SSO and not a Java client?

      STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
      Try SSO against a SPNEGO Kerberos enabled server.


      REPRODUCIBILITY :
      This bug can be reproduced always.

              People

              • Assignee:
                coffeys Sean Coffey
                Reporter:
                webbuggrp Webbug Group
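
A minimal client for the reproduction step in the report, given here as an added example that is not code from the reporter or the JDK project. It asks JGSS to build a SPNEGO token from the current logon session's ticket cache without prompting. The class name and the service host `server.example.com` are placeholders.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

public class SpnegoSsoRepro {
    // Placeholder: replace with the host of the SPNEGO-enabled server under test.
    static final String SERVICE = "HTTP@server.example.com";

    public static void main(String[] args) {
        // Let JGSS obtain credentials itself instead of requiring a JAAS Subject.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        // Print the Kerberos steps, including the native credential lookup.
        System.setProperty("sun.security.krb5.debug", "true");
        // Use only the existing logon session's ticket cache; never prompt.
        Configuration.setConfiguration(new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                Map<String, String> opts = new HashMap<>();
                opts.put("useTicketCache", "true");
                opts.put("doNotPrompt", "true");
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts)
                };
            }
        });
        try {
            GSSManager manager = GSSManager.getInstance();
            GSSName server = manager.createName(SERVICE, GSSName.NT_HOSTBASED_SERVICE);
            // 1.3.6.1.5.5.2 is the SPNEGO mechanism OID; null means default credentials.
            GSSContext ctx = manager.createContext(
                server, new Oid("1.3.6.1.5.5.2"), null, GSSContext.DEFAULT_LIFETIME);
            byte[] token = ctx.initSecContext(new byte[0], 0, 0);
            System.out.println("SSO token built, " + token.length + " bytes");
            ctx.dispose();
        } catch (GSSException e) {
            // Outcome described in the report: no usable native credentials.
            System.out.println("SSO failed: " + e.getMessage());
        }
    }
}
```

With `sun.security.krb5.debug` enabled, the output shows whether the native credential lookup returned a ticket before the context was initiated.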