🎄 Happy Holidays! 🥳

Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.

Happy Holidays!

Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.

Unable to authenticate using "KERBEROS AUTHENTICATION SCHEME"

TestSolace
TestSolace Member Posts: 16

Hi Team,
When i am trying to connect to a session using Kerberos Authentication Scheme.
It throws Unauthorized Login failure error.
can anyone please tell me what must have been missing?
Below is the list of Session Properties i am passing to connect to the session. I am using C API.
propIndex =0;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_HOST;
sprintf(SOLClientSessionPropHost, "wss://%s.test123.com:443", appliance);
sessionProps[propIndex++] = SOLClientSessionPropHost;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_TRUST_STORE_DIR;
sessionProps[propIndex++] = "Path";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_VPN_NAME;
sessionProps[propIndex++] = "TEST";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME_BASIC;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME_GSS_KRB;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_GUARANTEED_WITH_WEB_TRANSPORT;
sessionProps[propIndex++] = SOLCLIENT_PROP_ENABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_TCP_NODELAY;
sessionProps[propIndex++] = "1";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_REAPPLY_SUBSCRIPTIONS;
sessionProps[propIndex++] = SOLCLIENT_PROP_ENABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SUBSCRIBE_BLOCKING;
sessionProps[propIndex++] = SOLCLIENT_PROP_DISABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_CONNECT_BLOCKING;
sessionProps[propIndex++] = SOLCLIENT_PROP_ENABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_CONNECT_RETRIES;
sessionProps[propIndex++] = "2";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_RECONNECT_RETRY_WAIT_MS;
SessionProps[propIndex++] = "5000";

The error response code is 401.
Thanks

Tagged:

Comments

  • Ragnar
    Ragnar Member, Employee Posts: 67 Solace Employee

    Is there an Information string with the 401? Usually the broker send 403 errors for authentication problems.

  • TestSolace
    TestSolace Member Posts: 16
    edited March 2021 #3

    Hi @Ragnar ,
    Yes, there is an information string attached to it which is "Unauthenticated Authentication Not allowed". The response code is 401 and not 403.
    Thanks.

  • Ragnar
    Ragnar Member, Employee Posts: 67 Solace Employee

    This error is returned from the broker when configured to LDAP for authorization. It would appear that the Kerberos authentication worked or was ignored. It could be ignored if you have configured Basic Authentication on the broker and allowed no password. Then LDAP would fail. If the broker is configured properly for Kerberos authentication and it is still failing this way, it may be the combination of Kerberos and LDAP is not currently supported.