Unable to authenticate using "KERBEROS AUTHENTICATION SCHEME"

TestSolace
TestSolace Member Posts: 16
in General Discussions #1

Hi Team,
When i am trying to connect to a session using Kerberos Authentication Scheme.
It throws Unauthorized Login failure error.
can anyone please tell me what must have been missing?
Below is the list of Session Properties i am passing to connect to the session. I am using C API.
propIndex =0;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_HOST;
sprintf(SOLClientSessionPropHost, "wss://%s.test123.com:443", appliance);
sessionProps[propIndex++] = SOLClientSessionPropHost;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SSL_TRUST_STORE_DIR;
sessionProps[propIndex++] = "Path";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_VPN_NAME;
sessionProps[propIndex++] = "TEST";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME_BASIC;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_AUTHENTICATION_SCHEME_GSS_KRB;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_GUARANTEED_WITH_WEB_TRANSPORT;
sessionProps[propIndex++] = SOLCLIENT_PROP_ENABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_TCP_NODELAY;
sessionProps[propIndex++] = "1";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_REAPPLY_SUBSCRIPTIONS;
sessionProps[propIndex++] = SOLCLIENT_PROP_ENABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_SUBSCRIBE_BLOCKING;
sessionProps[propIndex++] = SOLCLIENT_PROP_DISABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_CONNECT_BLOCKING;
sessionProps[propIndex++] = SOLCLIENT_PROP_ENABLE_VAL;
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_CONNECT_RETRIES;
sessionProps[propIndex++] = "2";
sessionProps[propIndex++] = SOLCLIENT_SESSION_PROP_RECONNECT_RETRY_WAIT_MS;
SessionProps[propIndex++] = "5000";

The error response code is 401.
Thanks

Tagged:

Comments

  • Ragnar
    Ragnar Member, Employee Posts: 65 Solace Employee
    #2

    Is there an Information string with the 401? Usually the broker send 403 errors for authentication problems.

  • TestSolace
    TestSolace Member Posts: 16
    edited March 2021 #3

    Hi @Ragnar ,
    Yes, there is an information string attached to it which is "Unauthenticated Authentication Not allowed". The response code is 401 and not 403.
    Thanks.

  • Ragnar
    Ragnar Member, Employee Posts: 65 Solace Employee
    #4

    This error is returned from the broker when configured to LDAP for authorization. It would appear that the Kerberos authentication worked or was ignored. It could be ignored if you have configured Basic Authentication on the broker and allowed no password. Then LDAP would fail. If the broker is configured properly for Kerberos authentication and it is still failing this way, it may be the combination of Kerberos and LDAP is not currently supported.

Categories

This Month's Leaders

This Week's Leaders