Thread: Kerberos ticket validation - GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

I am a seasoned c# developer have have worked with Java here and there it is fairly similar in many respects. I am struggling to get something that is very simple to do in .net in java ans that is validate a kerberos ticket. i have some simple code that generates a ticket after asking for a username and password and the ticket generation works. I want to then pass this to a server to validate the user coming in but i get the following error:


Exception in thread "main" GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
at sun.security.jgss.GSSHeader.<init>(GSSHeader.java: 97)
at sun.security.jgss.GSSContextImpl.acceptSecContext( GSSContextImpl.java:306)
at sun.security.jgss.GSSContextImpl.acceptSecContext( GSSContextImpl.java:285)
at com.company.KerberosTicketRetriever.retrieveTicket (KerberosTicketRetriever.java:194)
at com.company.Main.main(Main.java:28)

On doing research it looks to be like i might need an SPN (service principal name) for the server which i can do but i don't know what the service name is that i need to register that for. I have an Apache Ignite server that i have written a java plugin for that authenticates and authorizes users. The plumbing for that is all working and now i need to get the kerberos validation working but have this issue. If i have to create an SPN what would the service be or can that be anything i make up like "Ignite" for example.


Lastly, does anyone know if there is an easier way to do a single signon or kerberos authentication. I tried waffle and spnego but that seems to be for web clients.

thanks Wayne

its just java code i have the source code for it. All i am trying to do is authenticate kerberos from a client to a service