2017-07-04

CAS Spnego - KrbException: Checksum failed

I am trying to use SPNEGO (Kerberos) authentication with Active Directory on a CAS server (github). Here is the official instruction: https://apereo.github.io/cas/5.1.x/installation/SPNEGO-Authentication.html

I use this template: https://github.com/apereo/cas-overlay-template so the pom.xml is taken from there.

Unfortunately, I receive this exception:

>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType 
jcifs.spnego.AuthenticationException: Error performing Kerberos authentication: java.lang.reflect.InvocationTargetException 
     at jcifs.spnego.Authentication.processKerberos(Authentication.java:447) 
     at jcifs.spnego.Authentication.processSpnego(Authentication.java:346) 
     at jcifs.spnego.Authentication.process(Authentication.java:235) 
     at jcifs.spnego.Authentication$$FastClassBySpringCGLIB$$c5958df9.invoke(<generated>) 
     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) 
     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) 
     at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) 
     at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) 
     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673) 
     at jcifs.spnego.Authentication$$EnhancerBySpringCGLIB$$84bb5e21.process(<generated>) 
     at org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler.doAuthentication(JcifsSpnegoAuthenticationHandler.java:60) 
     at org.apereo.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:40) 
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
     at java.lang.reflect.Method.invoke(Unknown Source) 
     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) 
     at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) 
     at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) 
     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) 
     at com.sun.proxy.$Proxy118.authenticate(Unknown Source) 
     at org.apereo.cas.authentication.AbstractAuthenticationManager.authenticateAndResolvePrincipal(AbstractAuthenticationManager.java:174) 
     at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.lambda$null$3(PolicyBasedAuthenticationManager.java:129) 
     at java.util.stream.MatchOps$1MatchSink.accept(Unknown Source) 
     at java.util.stream.ReferencePipeline$2$1.accept(Unknown Source) 
     at java.util.Spliterators$IteratorSpliterator.tryAdvance(Unknown Source) 
     at java.util.stream.ReferencePipeline.forEachWithCancel(Unknown Source) 
     at java.util.stream.AbstractPipeline.copyIntoWithCancel(Unknown Source) 
     at java.util.stream.AbstractPipeline.copyInto(Unknown Source) 
     at java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source) 
     at java.util.stream.MatchOps$MatchOp.evaluateSequential(Unknown Source) 
     at java.util.stream.MatchOps$MatchOp.evaluateSequential(Unknown Source) 
     at java.util.stream.AbstractPipeline.evaluate(Unknown Source) 
     at java.util.stream.ReferencePipeline.anyMatch(Unknown Source) 
     at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.lambda$authenticateInternal$4(PolicyBasedAuthenticationManager.java:126) 
     at java.util.stream.MatchOps$1MatchSink.accept(Unknown Source) 
     at java.util.HashMap$KeySpliterator.tryAdvance(Unknown Source) 
     at java.util.stream.ReferencePipeline.forEachWithCancel(Unknown Source) 
     at java.util.stream.AbstractPipeline.copyIntoWithCancel(Unknown Source) 
     at java.util.stream.AbstractPipeline.copyInto(Unknown Source) 
     at java.util.stream.AbstractPipeline.wrapAndCopyInto(Unknown Source) 
     at java.util.stream.MatchOps$MatchOp.evaluateSequential(Unknown Source) 
     at java.util.stream.MatchOps$MatchOp.evaluateSequential(Unknown Source) 
     at java.util.stream.AbstractPipeline.evaluate(Unknown Source) 
     at java.util.stream.ReferencePipeline.anyMatch(Unknown Source) 
     at org.apereo.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:124) 
     at org.apereo.cas.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:140) 
     at org.apereo.cas.authentication.AbstractAuthenticationManager$$FastClassBySpringCGLIB$$12a86894.invoke(<generated>) 
     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204) 
     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) 
     at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85) 
     at org.apereo.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:134) 
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
     at java.lang.reflect.Method.invoke(Unknown Source) 
     at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:629) 
     at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:618) 
     at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168) 
     at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) 
     at com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:45) 
     at com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:32) 
     at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) 
     at com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:48) 
     at com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:34) 
     at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) 
     at com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:46) 
     at com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:32) 
     at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) 
     at com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:45) 
     at com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:32) 
     at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) 
     at com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:48) 
     at com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:34) 
     at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) 
     at com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:46) 
     at com.ryantenney.metrics.spring.CountedMethodInterceptor.invoke(CountedMethodInterceptor.java:32) 
     at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) 
     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673) 
     at org.apereo.cas.authentication.PolicyBasedAuthenticationManager$$EnhancerBySpringCGLIB$$5085e4b0.authenticate(<generated>) 
     at org.apereo.cas.authentication.DefaultAuthenticationTransactionManager.handle(DefaultAuthenticationTransactionManager.java:34) 
     at org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:55) 
     at org.apereo.cas.authentication.DefaultAuthenticationSystemSupport.handleInitialAuthenticationTransaction(DefaultAuthenticationSystemSupport.java:41) 
     at org.apereo.cas.web.flow.resolver.impl.InitialAuthenticationAttemptWebflowEventResolver.resolveInternal(InitialAuthenticationAttemptWebflowEventResolver.java:69) 
     at org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolve(AbstractCasWebflowEventResolver.java:475) 
     at org.apereo.cas.web.flow.resolver.impl.AbstractCasWebflowEventResolver.resolveSingle(AbstractCasWebflowEventResolver.java:480) 
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
     at java.lang.reflect.Method.invoke(Unknown Source) 
     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) 
     at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) 
     at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) 
     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) 
     at com.sun.proxy.$Proxy164.resolveSingle(Unknown Source) 
     at org.apereo.cas.web.flow.AbstractAuthenticationAction.doExecute(AbstractAuthenticationAction.java:59) 
     at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) 
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
     at java.lang.reflect.Method.invoke(Unknown Source) 
     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) 
     at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) 
     at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) 
     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) 
     at com.sun.proxy.$Proxy160.execute(Unknown Source) 
     at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) 
     at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateAction.java:77) 
     at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:188) 
     at org.springframework.webflow.execution.ActionExecutor.execute(ActionExecutor.java:51) 
     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:101) 
     at org.springframework.webflow.engine.State.enter(State.java:194) 
     at org.springframework.webflow.engine.Transition.execute(Transition.java:228) 
     at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) 
     at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) 
     at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) 
     at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) 
     at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) 
     at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) 
     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) 
     at org.springframework.webflow.engine.State.enter(State.java:194) 
     at org.springframework.webflow.engine.Transition.execute(Transition.java:228) 
     at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) 
     at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) 
     at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) 
     at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) 
     at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) 
     at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) 
     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) 
     at org.springframework.webflow.engine.State.enter(State.java:194) 
     at org.springframework.webflow.engine.Transition.execute(Transition.java:228) 
     at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) 
     at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) 
     at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) 
     at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) 
     at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) 
     at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) 
     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) 
     at org.springframework.webflow.engine.State.enter(State.java:194) 
     at org.springframework.webflow.engine.Transition.execute(Transition.java:228) 
     at org.springframework.webflow.engine.DecisionState.doEnter(DecisionState.java:51) 
     at org.springframework.webflow.engine.State.enter(State.java:194) 
     at org.springframework.webflow.engine.Transition.execute(Transition.java:228) 
     at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) 
     at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) 
     at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) 
     at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) 
     at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) 
     at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) 
     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) 
     at org.springframework.webflow.engine.State.enter(State.java:194) 
     at org.springframework.webflow.engine.Transition.execute(Transition.java:228) 
     at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(FlowExecutionImpl.java:395) 
     at org.springframework.webflow.engine.impl.RequestControlContextImpl.execute(RequestControlContextImpl.java:214) 
     at org.springframework.webflow.engine.TransitionableState.handleEvent(TransitionableState.java:116) 
     at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:547) 
     at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent(FlowExecutionImpl.java:390) 
     at org.springframework.webflow.engine.impl.RequestControlContextImpl.handleEvent(RequestControlContextImpl.java:210) 
     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:105) 
     at org.springframework.webflow.engine.State.enter(State.java:194) 
     at org.springframework.webflow.engine.Flow.start(Flow.java:527) 
     at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:368) 
     at org.springframework.webflow.engine.impl.FlowExecutionImpl.start(FlowExecutionImpl.java:223) 
     at org.springframework.webflow.executor.FlowExecutorImpl.launchExecution(FlowExecutorImpl.java:140) 
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
     at java.lang.reflect.Method.invoke(Unknown Source) 
     at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157) 
     at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133) 
     at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121) 
     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179) 
     at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213) 
     at com.sun.proxy.$Proxy158.launchExecution(Unknown Source) 
     at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(FlowHandlerAdapter.java:263) 
     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:963) 
     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:897) 
     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970) 
     at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861) 
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:635) 
     at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846) 
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:742) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.apereo.cas.web.support.AuthenticationCredentialsLocalBinderClearingFilter.doFilter(AuthenticationCredentialsLocalBinderClearingFilter.java:28) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:238) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:110) 
     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) 
     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105) 
     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) 
     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:90) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106) 
     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) 
     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:115) 
     at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:59) 
     at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:90) 
     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) 
     at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:108) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:64) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71) 
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) 
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) 
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) 
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) 
     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) 
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) 
     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) 
     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:624) 
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) 
     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) 
     at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) 
     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) 
     at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) 
     at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) 
     at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) 
     at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) 
     at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) 
     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) 
     at java.lang.Thread.run(Unknown Source) 
Caused by: java.lang.reflect.InvocationTargetException 
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
     at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) 
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) 
     at java.lang.reflect.Method.invoke(Unknown Source) 
     at jcifs.spnego.Authentication$ServerAction.run(Authentication.java:517) 
     at jcifs.spnego.Authentication.processKerberos(Authentication.java:430) 
     ... 274 more 
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed) 
     at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source) 
     at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source) 
     at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source) 
     ... 280 more 
Caused by: KrbException: Checksum failed 
     at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Unknown Source) 
     at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Unknown Source) 
     at sun.security.krb5.EncryptedData.decrypt(Unknown Source) 
     at sun.security.krb5.KrbApReq.authenticate(Unknown Source) 
     at sun.security.krb5.KrbApReq.<init>(Unknown Source) 
     at sun.security.jgss.krb5.InitSecContextToken.<init>(Unknown Source) 
     ... 283 more 
Caused by: java.security.GeneralSecurityException: Checksum failed 
     at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(Unknown Source) 
     at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(Unknown Source) 
     at sun.security.krb5.internal.crypto.Aes256.decrypt(Unknown Source) 
     ... 289 more 

Question: What does it mean? Which configuration element can cause this problem?

Answers

3

I found a solution. In short: I had a bad cas.authn.spnego.jcifsServicePrincipal.

Details:

  • Active Directory
  • JDK 1.8 + JCE
  • Apereo CAS 5.1
  • Tomcat 8.5.15 on Windows Server 2012 R2

The CAS documentation suggests a configuration like this:

cas.authn.spnego.jcifsServicePrincipal=HTTP/[email protected] 

But note that jcifsServicePrincipal is the principal name: the name of the Active Directory user to which the SPN is assigned. I have a user cn=service_xxx with the servicePrincipalName attribute assigned to HTTP/machine1 (though I think it is needed first).

Follow this tutorial: Kerberos/SPNEGO based SSO (Single Sign-On) in Weblogic.

How my CAS works:

Using the tutorial above, I created an SPN for the existing user service_xxx (a user who can log in to machine1):

setspn -s HTTP/machine1.domain.com service_xxx 

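The user service_xxx has properties in Active Directory such as AES 128-bit encryption and AES 256-bit encryption.

Both operations were performed by the Active Directory administrator (he has sufficient privileges).

So service_xxx is the principal name (user name), and HTTP/machine1.domain.com is only an SPN attribute assigned to the principal. As far as I understand, the CAS server running on the machine machine1.domain.com (this is the machine URL) can retrieve any information from AD (LDAP) as the user service_xxx. Therefore the CAS server can also authenticate all users using the Kerberos protocol. In my opinion, this is why the CAS property jcifsServicePrincipal must point to the principal name [email protected] (the full principal name, with @domain.com) and not to its SPN attribute (unless they are the same string).

My configuration details:

  1. Principal with AES attributes and an SPN attribute
  2. Keytab created using the ktab.exe tool from the JDK
  3. Java Cryptography Extension (JCE) Unlimited Strength installed
  4. Java configuration
  5. login.conf file - same as in the CAS documentation

As below:

  • cas.properties, krb5.conf, keytab

    Keytab creation procedure (no special privileges required):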

    "C:\Program Files\Java\jre1.8.0_131\bin\ktab.exe" -a service_xxx -n 0 -k cas.keytab 
    

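    -k specifies the keytab output file name. -n 0 specifies the KVNO number. Disclaimer: I used 0 because my user cn=service_xxx in Active Directory has no msDS-KeyVersionNumber (KVNO) attribute, but I think Windows ignores the KVNO number - see this comment.

    One more piece of information about the keytab:

    Many tutorials, and even the official documentation, recommend creating the keytab with ktpass.exe. Unfortunately, this requires AD administrator privileges, so it is not a good idea. It is better to use ktab.exe from the JDK (as above). You must remember to always generate a new keytab after a password change for service_xxx.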

    There are several options for testing the keytab:

    • Use kinit to obtain a Kerberos ticket (for the service_xxx principal). This is also a tool provided by the JDK.

    • Try this small app written by @Ivan Veselovsky on SO: https://stackoverflow.com/a/13859217/5162026

    cas.properties:

      cas.authn.spnego.kerberosConf=/etc/cas/config/krb5.conf
      [email protected]
      cas.authn.spnego.loginConf=file:/etc/cas/config/login.conf
      cas.authn.spnego.kerberosRealm=DOMAIN.COM

      cas.authn.spnego.principal.principalAttribute=sAMAccountName

      cas.authn.spnego.ldap.ldapUrl=ldap://path.to.ldap.domain.com
      # this is the base DN where LDAP starts searching for users
      cas.authn.spnego.ldap.baseDn=DC=domain,DC=com
      # it's a kind of login to LDAP
      cas.authn.spnego.ldap.bindDn=cn=SERVICE_XXX,DC=domain,DC=com
      cas.authn.spnego.ldap.failFast=false
      cas.authn.spnego.ldap.subtreeSearch=true
      cas.authn.spnego.ldap.useSsl=false
      cas.authn.spnego.ldap.searchFilter=cn={host}

    The funny thing is that the path /etc/cas/config also works on Windows and points to the root of the C: drive, so C:\etc\cas\config. Note that the paths in the configuration here (all Java files) use forward slashes.

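    I also supply krb5.conf. This file is organization-specific. In many cases you can find it somewhere in the C:\Windows folder on any workstation joined to the domain. You can copy it and edit it as needed. You can also write it by hand (a sample is in the CAS documentation).

    The most important thing is to add the path to the keytab there: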

    [libdefaults] 
        default_keytab_name = C:/Users/SERVICE_XXX/my_keytab/cas.keytab 
    

    As you can see, the default_keytab_name parameter is under [libdefaults]. The same path is in the login.conf file (see the Apereo CAS documentation).

    If you enable debugging in CAS (cas.authn.spnego.kerberosDebug=true) and change the debug level in log4j2.xml, you should see something like this when CAS is using the keytab:

    2017-07-04 19:56:29,613 DEBUG [org.apereo.cas.support.spnego.authentication.handler.support.JcifsSpnegoAuthenticationHandler] - <Processing SPNEGO authentication> 
    Java config name: /etc/cas/config/krb5.conf 
    Loaded from Java config 
    Found KeyTab Default keytab 
    Entered Krb5Context.acceptSecContext with state=STATE_NEW 
    >>> KeyTabInputStream, readName(): DOMAIN.COM 
    >>> KeyTabInputStream, readName(): SERVICE_XXX 
    >>> KeyTab: load() entry length: 79; type: 18 
    
    // ... edited 
    
    Added key: 23version: 0 
    Added key: 16version: 0 
    Added key: 17version: 0 
    Added key: 18version: 0 
    

    Otherwise, you will see that CAS is Looking for keys for: [email protected] and then throws an exception like the one below.

    Troubleshooting 1:

    If you see an exception like this:

    Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96)
         at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
         at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
         at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
         ... 280 more
    Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96
         at sun.security.krb5.KrbApReq.authenticate(Unknown Source)
         at sun.security.krb5.KrbApReq.<init>(Unknown Source)
         at sun.security.jgss.krb5.InitSecContextToken.<init>(Unknown Source)
         ... 283 more

    it is very likely that you have the wrong path to the .keytab file (as also pointed out here).

    Troubleshooting 2:

    If CAS complains about unsupported encryption:

    Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled

    it is most likely that Java JCE is not installed, or that JCE support was overwritten as a result of a Java update (reinstall JCE).

  • +1

    You can accept your own answer. –
