You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Core libraries used by .NET and Java apps use MIT Kerberos to do Kerberos (aka Integrated) authentication when running on Linux. This buildpack configures MIT Kerberos, and obtains the necessary initial TGT tickets necessary for the app to acquire authentication tickets.
40
40
41
-
A sidecar runs in background that will obtain tickets Kerberos .NET
41
+
A sidecar runs in background that will obtain tickets Kerberos .NET
42
+
43
+
## Troubleshooting
44
+
45
+
Recommendation is to start with sample app included, which exposes the folowing endpoints:
46
+
`/user` - which will authenticate incoming HTTP principal and print caller's identity. Simply call this endpoint on domain joined box from browser
47
+
`sql` - tests kerberos connection to SQL Server. Set connection string either in `appsettings.json` or via environmental variable `CONNECTIONSTRINGS__SQLSERVER`.
48
+
`/testkdc` - verify that connection can be established to KDC server on port 88.
49
+
50
+
After the app starts up you should see logs emitted from sidecar process that look like this:
2022-01-26T16:04:53.24-0500 [APP/PROC/WEB/0] OUTEnsurethatthefollowingSPNfor the service exists: http/kerberosdemo.apps.longbeach.cf-app.com
65
+
```
66
+
67
+
If you have not received a message similar to `Service authenticated successfully as 'iwaclient'`, it means that the worker sidecar has been unable to obtain ticket from your KDC.
68
+
69
+
#### Things to check
70
+
71
+
- Sidecar process started, as indicated by log entry containing `Now listening on: http://0.0.0.0:9090`. (noteport9090-theremaybesimilarlogentrybutforport8080-thatoneisforthemainapp).
0 commit comments