Spring Kerberos missing negotiated request

I have a Spring Security based Kerberos authentication setup which had been working fine; however, it suddenly started missing the negotiated request (the 2nd request from the client after Spring initiated the NEGOTIATE).

1st state:

Somehow, instead of receiving two requests from the client, Spring only received the first request, followed by a call to /favicon, which should instead have been the same endpoint if it were working.

I have then added /favicon to the permitAll() list, which then resulted in 2nd state.

2nd state:

Only a single request reached Spring MVC.

Lesson learnt here: you can never log too much during debugging/troubleshooting.

It took me a really great amount of time to figure this out, but in short, it's due to the HTTP header from the client, carrying the KDC/TGT's encrypted message, suddenly becoming larger (likely the KDC/TGT has sent more data) than the Tomcat default threshold.
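A way to confirm this diagnosis from a captured request, as an added example that is not part of the original post: it measures the request line plus headers and compares the total with Tomcat's documented 8192-byte default for `maxHttpHeaderSize`. The function names, the `/secure` path, the host name and the filler token are all constructed for illustration.

```python
import base64

TOMCAT_DEFAULT_MAX_HEADER = 8192  # bytes; Tomcat's documented default maxHttpHeaderSize


def header_report(raw_request: bytes, limit: int = TOMCAT_DEFAULT_MAX_HEADER) -> dict:
    """Measure the request line plus headers of one raw HTTP/1.1 request."""
    head, sep, _body = raw_request.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end-of-headers marker (CRLF CRLF) in capture")
    total = len(head) + len(sep)  # request line + header lines + blank line
    sizes = {}
    token_len = None
    for line in head.split(b"\r\n")[1:]:  # index 0 is the request line
        name, _, value = line.partition(b":")
        key = name.decode("latin-1").strip().lower()
        sizes[key] = sizes.get(key, 0) + len(line) + 2  # +2 for the CRLF
        value = value.strip()
        if key == "authorization" and value[:10].lower() == b"negotiate ":
            # Decoded size of the SPNEGO token carried in the header
            token_len = len(base64.b64decode(value[10:]))
    largest = max(sizes, key=sizes.get) if sizes else None
    return {
        "total_bytes": total,
        "limit": limit,
        "over_limit": total > limit,
        "largest_header": largest,
        "largest_bytes": sizes.get(largest, 0),
        "spnego_token_bytes": token_len,
    }


def build_sample(token_bytes: int) -> bytes:
    """Constructed sample request; the token is filler, not a real ticket."""
    token = base64.b64encode(b"\x60" * token_bytes)
    return (b"GET /secure HTTP/1.1\r\nHost: app.example.test\r\n"
            b"Authorization: Negotiate " + token + b"\r\n"
            b"Accept: */*\r\n\r\n")


if __name__ == "__main__":
    for size in (3000, 9000):  # a small token, then one that has grown
        print(size, header_report(build_sample(size)))
```

When `over_limit` is true and `largest_header` is `authorization`, the connector's `maxHttpHeaderSize` attribute is the Tomcat setting that governs the threshold.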

The changes:

The working result:
