Results 1 to 3 of 3

Thread: SPNEGO on the appliance

  1. #1
    Join Date
    Sep 2012
    Posts
    3
    Rep Power
    3

    Default SPNEGO on the appliance

    I have installed the appliance (zca-8.0.0.1147) for a proof of concept and it works fine so far on vSphere 5u1 and I setup a single domain with LDAP auth against AD with no problems.

    I attempted to follow the instructions in the admin guide to enable SPNEGO authentication - we use Kerberos a lot on Windows/Linux workstations. However I now get an Internal Server Error ERROR 500 in the browser when logging in.

    I then tried to enable the debugging options suggested in the guide. The details are a bit vague in the docs but it seems I should put this in /opt/zimbra/conf/localconfig.xml

    Code:
    <key name="spnego_java_options">
        <value>"-DDEBUG=true -Dsun.security.spnego.debug=all"</value>
      </key>
    and add a line to /opt/zimbra/conf/log4j.properties.in (the docs say without the .in but that file is generated at the service start up and overwritten)

    The localconfig change causes the Zimbra system to fail to start up. The extra logging seems to cause this:

    Code:
    2012-09-20 10:48:57.061:WARN:oejs.ServletHandler:/
    java.lang.IllegalArgumentException
            at org.eclipse.jetty.server.Response.sendRedirect(Response.java:450)
            at javax.servlet.http.HttpServletResponseWrapper.sendRedirect(HttpServletResponseWrapper.java:136)
            at org.eclipse.jetty.http.gzip.GzipResponseWrapper.sendRedirect(GzipResponseWrapper.java:306)
            at org.apache.taglibs.standard.tag.common.core.RedirectSupport.doEndTag(RedirectSupport.java:148)
            at org.apache.jsp.public_.login_jsp._jspx_meth_c_redirect_7(login_jsp.java:3212)
            at org.apache.jsp.public_.login_jsp._jspx_meth_c_if_19(login_jsp.java:3171)
    I have double checked the settings using zmprov and they all look correct against the doc examples.

    I'd be grateful for some directions on getting this working.

    Cheers
    Jon

  2. #2
    Join Date
    Mar 2012
    Posts
    4
    Rep Power
    3

    Default

    Hi Jon,

    Just got the same problem here.
    First, make sure your SSO configuration is correct by pointing your browser to <zimbra server>/service/spnego/snoop.jsp. If successful, this will give you all the information about the authentication.
    Then, try the follolwing URL: <zimbra server>/service/spnego/ This should let you enter your Zimbra account.

    Finally, the right URL for the zimbraWebClientLoginURL is '../service/spnego' (not '../../service/spnego').

    Last but not least, when enabling the DEBUG traces, the documentation states you need to *ADD* '-DDEBUG=true -Dsun.security.spnego.debug=all' and other stuff to the existing setting, not replace.
    By replacing it, you remove the configuration settings for Kerberos and this creates other problems

    Stephane
    VMware Employee

  3. #3
    Join Date
    Sep 2008
    Location
    Los Angeles, CA
    Posts
    135
    Rep Power
    7

    Default

    any resolution? i can't get SSO/spnego working either. Followed the Appendix in the Admin Manual word for word, but no luck.

Similar Threads

  1. spnego sso failure redirect
    By cbl016 in forum Administrators
    Replies: 4
    Last Post: 11-13-2012, 10:44 AM
  2. spnego error
    By maumar in forum Zimbra Connector for Outlook
    Replies: 0
    Last Post: 09-12-2012, 12:10 AM
  3. Zimbra SPNEGO Single Sign-On for ZCS
    By rrittmann in forum Installation
    Replies: 0
    Last Post: 08-10-2012, 08:15 AM
  4. Appliance Now GA!
    By mmorse in forum Announcements
    Replies: 0
    Last Post: 08-10-2010, 06:03 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •