Shibboleth

Shibboleth IDP on Websphere - java.lang.ClassNotFoundException: com.sun.security.auth.module.Krb5LoginModule

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

1 message

waheed

Shibboleth IDP on Websphere - java.lang.ClassNotFoundException: com.sun.security.auth.module.Krb5LoginModule

Hi !

I have been trying to run Shibboleth IDP on IBM Websphere and so far i am successful. Now i am trying add SPNEGO. Issue i am getting is below.

2017-06-27 14:41:19,678 - TRACE [net.shibboleth.idp.authn.spnego.impl.GSSContextAcceptor:112] - Processing first GSS input token
2017-06-27 14:41:19,678 - DEBUG [net.shibboleth.idp.authn.spnego.impl.GSSContextAcceptor:175] - Validating the first GSS input token against service principal: HTTP/ITOVML921T.gos.ca@GOS.CA
2017-06-27 14:41:19,688 - ERROR [net.shibboleth.idp.authn.spnego.impl.GSSAcceptorLoginModule:83] - Unable to instantiate JAAS module for Kerberos
java.lang.ClassNotFoundException: com.sun.security.auth.module.Krb5LoginModule
at java.lang.Class.forNameImpl(Native Method)
2017-06-27 14:41:19,689 - ERROR [net.shibboleth.idp.authn.spnego.impl.GSSContextAcceptor:216] - Server login error using principal: HTTP/ITOVML921T.gos.ca@GOS.CA
2017-06-27 14:41:19,691 - DEBUG [net.shibboleth.idp.authn.spnego.impl.GSSContextAcceptor:188] - Error establishing security context
javax.security.auth.login.LoginException: No JAAS module for Kerberos available
at net.shibboleth.idp.authn.spnego.impl.GSSAcceptorLoginModule.login(GSSAcceptorLoginModule.java:97)
2017-06-27 14:41:19,692 - DEBUG [net.shibboleth.idp.authn.spnego.impl.SPNEGOAuthnController:165] - Exception processing GSS token
javax.security.auth.login.LoginException: No JAAS module for Kerberos available
at net.shibboleth.idp.authn.spnego.impl.GSSAcceptorLoginModule.login(GSSAcceptorLoginModule.java:97)

I had a look at the source code and saw hard coded value for this class. how can i change it to use IBM Krb5LoginModule Implementation i.e. com.ibm.security.auth.module.Krb5LoginModule .

public class KerberosSettings extends AbstractInitializableComponent {
44
45 /** Class name of JAAS LoginModule to acquire Kerberos credentials. */
46 @Nonnull @NotEmpty private String loginModuleClassName;
47
48 /** Refresh the Kerberos config before running? */
49 private boolean refreshKrb5Config;
50
51 /** List of realms (KerberosRealmSettings objects). */
52 @NonnullAfterInit @NonnullElements private Collection<KerberosRealmSettings> realmSettings;
53
54 /** Constructor. */
55 public KerberosSettings() {
56 loginModuleClassName = "com.sun.security.auth.module.Krb5LoginModule";
57 realmSettings = Collections.emptyList();
58 }

Thanks for your help.