🎄 Happy Holidays! 🥳
Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.
Happy Holidays!
Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.
Unable to authenticate using "KERBEROS AUTHENTICATION SCHEME"
Hi Team,
When i am trying to connect to a session using Kerberos Authentication Scheme.
It throws Unauthorized Login failure error.
can anyone please tell me what must have been missing?
Below is the list of Session Properties i am passing to connect to the session. I am using C API.
propIndex =0;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_HOST;
sprintf(SOLClientSessionPropHost, "wss://%s.test123.com:443", appliance);
sessionProps[propIndex++] = SOLClientSessionPropHost;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_TRUST_STORE_DIR;
sessionProps[propIndex++] = "Path";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_VPN_NAME;
sessionProps[propIndex++] = "TEST";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME_BASIC;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME_GSS_KRB;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_GUARANTEED_WITH_WEB_TRANSPORT;
sessionProps[propIndex++] = SOLCLIENT_PROP_ENABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_TCP_NODELAY;
sessionProps[propIndex++] = "1";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_REAPPLY_SUBSCRIPTIONS;
sessionProps[propIndex++] = SOLCLIENT_PROP_ENABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SUBSCRIBE_BLOCKING;
sessionProps[propIndex++] = SOLCLIENT_PROP_DISABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_CONNECT_BLOCKING;
sessionProps[propIndex++] = SOLCLIENT_PROP_ENABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_CONNECT_RETRIES;
sessionProps[propIndex++] = "2";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_RECONNECT_RETRY_WAIT_MS;
SessionProps[propIndex++] = "5000";
The error response code is 401.
Thanks
Comments
-
Hi @Ragnar ,
Yes, there is an information string attached to it which is "Unauthenticated Authentication Not allowed". The response code is 401 and not 403.
Thanks.0 -
This error is returned from the broker when configured to LDAP for authorization. It would appear that the Kerberos authentication worked or was ignored. It could be ignored if you have configured Basic Authentication on the broker and allowed no password. Then LDAP would fail. If the broker is configured properly for Kerberos authentication and it is still failing this way, it may be the combination of Kerberos and LDAP is not currently supported.
1