Hi Bjorn,<div><br></div><div>Kerberos authentication is tricky to debug as so many things can go wrong. I can make a couple of suggestions though:</div><div><br></div><div>1. It looks like you are running on Linux, so try looking at your /etc/krb5.conf file on the server. It should contain your kerberos authentication information including the locations of KDCs and admin servers for the Kerberos realms of interest.</div><div><br></div><div>2. Since you have debug set to true on the configuration below, take a look at the Zanata logs when attempting to log in, they usually have some indication of what might have gone wrong.</div><div><br></div><div>Regards,</div><div><br></div><div>Carlos</div><div><br>On Tuesday, 22 September 2015, Ramann, Björn <<a href="mailto:Bjoern.Ramann@governikus.de">Bjoern.Ramann@governikus.de</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">






<div>
<font face="Calibri" size="2"><span style="font-size:11pt">
<div>hi@all,</div>
<div> </div>
<div>i try to auth users with Kerberos to our windows Active directory and configure:</div>
<div> </div>
<div><font face="Lucida Console" size="2" color="#00BFBF"><span style="font-size:9pt"><bindings></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                <font color="#0000BF"><!-- <simple name="java:global/zanata/security/auth-policy-names/internal" value="zanata.internal"/> --></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                <font color="#0000BF"><!-- </font><font color="#0000BF"><simple name="java:global/zanata/security/auth-policy-names/openid" value="zanata.openid"/></font><font color="#0000BF">
</font><font face="Wingdings">à</font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                <font color="#00BFBF"><simple </font><font color="#00BF00">name</font>=<font color="#BF0000">"java:global/zanata/security/auth-policy-names/kerberos"</font><font color="#00BFBF">
</font><font color="#00BF00">value</font>=<font color="#BF0000">"zanata.kerberos"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                <font color="#00BFBF"><simple </font><font color="#00BF00">name</font>=<font color="#BF0000">"java:global/zanata/security/admin-users"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"admin"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                <font color="#00BFBF"><simple </font><font color="#00BF00">name</font>=<font color="#BF0000">"java:global/zanata/files/document-storage-directory"</font><font color="#00BFBF">
</font><font color="#00BF00">value</font>=<font color="#BF0000">"${user.home}/zanata/files"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                <font color="#00BFBF"><simple </font><font color="#00BF00">name</font>=<font color="#BF0000">"java:global/zanata/email/default-from-address"</font><font color="#00BFBF">
</font><font color="#00BF00">value</font>=<font color="#BF0000">"noreply@</font><font color="#BF0000"><a href="http://blub.com" target="_blank">blub.com</a></font><font color="#BF0000">"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">            <font color="#00BFBF"></bindings></font></span></font></div>
<div>…</div>
<div> </div>
<div><font face="Lucida Console" size="2" color="#00BFBF"><span style="font-size:9pt"><security-domain <font color="#00BF00">name</font><font color="black">=</font><font color="#BF0000">"zanata.kerberos"</font>></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                    <font color="#00BFBF"><authentication></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                        <font color="#00BFBF"><login-module </font><font color="#00BF00">code</font>=<font color="#BF0000">"org.jboss.security.negotiation.spnego.SPNEGOLoginModule"</font><font color="#00BFBF">
</font><font color="#00BF00">flag</font>=<font color="#BF0000">"sufficient"</font><font color="#00BFBF">></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"password-stacking"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"useFirstPass"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"serverSecurityDomain"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"host"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"removeRealmFromPrincipal"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"true"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"usernamePasswordDomain"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"krb5"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                        <font color="#00BFBF"></login-module></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                    <font color="#00BFBF"></authentication></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                <font color="#00BFBF"></security-domain></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                <font color="#00BFBF"><security-domain </font><font color="#00BF00">name</font>=<font color="#BF0000">"krb5"</font><font color="#00BFBF">></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                    <font color="#00BFBF"><authentication></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                        <font color="#00BFBF"><login-module </font><font color="#00BF00">code</font>=<font color="#BF0000">"com.sun.security.auth.module.Krb5LoginModule"</font><font color="#00BFBF">
</font><font color="#00BF00">flag</font>=<font color="#BF0000">"sufficient"</font><font color="#00BFBF">></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"storePass"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"false"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"clearPass"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"true"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"debug"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"true"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"doNotPrompt"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"false"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                        <font color="#00BFBF"></login-module></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                    <font color="#00BFBF"></authentication></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                <font color="#00BFBF"></security-domain></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                <font color="#00BFBF"><security-domain </font><font color="#00BF00">name</font>=<font color="#BF0000">"host"</font><font color="#00BFBF">></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                    <font color="#00BFBF"><authentication></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                        <font color="#00BFBF"><login-module </font><font color="#00BF00">code</font>=<font color="#BF0000">"com.sun.security.auth.module.Krb5LoginModule"</font><font color="#00BFBF">
</font><font color="#00BF00">flag</font>=<font color="#BF0000">"required"</font><font color="#00BFBF">></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"storeKey"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"true"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"useKeyTab"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"true"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"principal"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"HTTP/</font><font color="#BF0000">dc01</font><font color="#BF0000">.</font><font color="#BF0000"><a href="http://domain.com" target="_blank">domain.com</a></font><font color="#BF0000">@</font><font color="#BF0000"><a href="http://DOMAIN.COM" target="_blank">DOMAIN.COM</a></font><font color="#BF0000">"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"keyTab"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"/opt/zanata/wildfly/standalone/configuration/jboss.keytab"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"doNotPrompt"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"true"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                            <font color="#00BFBF"><module-option </font><font color="#00BF00">name</font>=<font color="#BF0000">"debug"</font><font color="#00BFBF"> </font><font color="#00BF00">value</font>=<font color="#BF0000">"true"</font><font color="#00BFBF">/></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                        <font color="#00BFBF"></login-module></font></span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">                    <font color="#00BFBF"></authentication></font></span></font></div>
<div> </div>
<div> </div>
<div>But on the page, when I press login, I get da 403 and there is no fiel to type my credentials in. </div>
<div> </div>
<div>Soft:</div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,457Z INFO  [org.quartz.core.QuartzScheduler] (ServerService Thread Pool -- 58) Scheduler DefaultQuartzScheduler_$_NON_CLUSTERED started.</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,755Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) App server release codename: Kenny</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,755Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) App server release version: 1.0.1.Final</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,755Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) WildFly Full version: 9.0.1.Final</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,757Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) ============================================</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,757Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)    _____                     _</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,757Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   /__  /  ____ _____  ____ _/ /_____ _</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,757Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)     / /  / __ `/ __ \/ __ `/ __/ __ `/</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)    / /__/ /_/ / / / / /_/ / /_/ /_/ /</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   /____/\__,_/_/ /_/\__,_/\__/\__,_/</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   Application version: 3.7.2</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   SCM: git-server-3.7.2</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58)   Red Hat Inc 2008-2015</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) ============================================</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,758Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) SPNEGO/Kerberos authentication: enabled</span></font></div>
<div><font face="Lucida Console" size="2"><span style="font-size:9pt">13:25:45,759Z INFO  [org.zanata.ZanataInit] (ServerService Thread Pool -- 58) Enable copyTrans: true</span></font></div>
<div> </div>
<div> </div>
<div>Please advise!</div>
<div> </div>
<div>Thanks</div>
<div>bjoern</div>
<div> </div>
<div> </div>
</span></font>
</div>

</blockquote></div><br><br>-- <br>Carlos A. Muñoz<br>Software Engineering Supervisor<br>Globalization<br>Red Hat<br>