Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

SPNego Login fails while using MacOS 10.4 and Firefox

Former Member
0 Kudos

Hello,

we are running an EP6 NW04 SPS 19 on an HP UX. For authentification we

configured kerberos via spnego. This is working fine for all windows

clients and the browsers ie6, ie7 and firefox.

While using Firefox on MacOS X it is not working. We analyzed the error.It is the following

error message in the trace file:

Decoding error in parsing of spnego token.

[EXCEPTION]

iaik.asn1.CodingException: ASN.1 creation error:SPNego OID expected.

Found 1.2.840.113554.1.2.2

As you can see, the mac client is sending the raw kerberos ticket. How

does the WAS handles this ticket?

Kind Regards,

Oliver

2 REPLIES 2

tim_alsop
Active Contributor
0 Kudos

Oliver,

The SAP SPNEGO login module supports OID 1.3.6.1.5.5.2 only, which is the OID for SPNEGO protocol, and this is why it is called an SPNEGO login module. It does not support other OIDS such as RFC1964 Kerberos V5 (1.2.840.113554.1.2.2) or NTLM (1.3.6.1.4.1.311.2.2.10). If you need to support other OIDS, and not just SPNEGO then you need to use a different login module. I can help you with that if you are interested since my company has a product (comprising a login module which uses Kerberos) which supports SPNEGO as well as other OIDS - it is not 100% SPNEGO based like the login module available from SAP.

Thanks,

Tim

tim_alsop
Active Contributor
0 Kudos

Oliver,

Some additional info - you will also find that this OID (1.2.840.113554.1.2.2) is used by Firefox if Firefox has been configured to use a client side gss-api library for IWA instead of SSPI like support (as in IE).

Thanks,

Tim