
Re: SessionManager loginBySSPI

I have gotten further, but I'm not sure how to make it work.  The Kerberos handshake with the host itself succeeds, but when I pass the resulting token to the loginBySSPI method, it doesn't recognize my credentials.

 

The calling code is as follows:

        // create the interface on which services are defined
        // (the stub is bound to the web-service endpoint given by vcUrl)
        VimServiceLocator vsl = new VimServiceLocator();
        VimPortType vimService = vsl.getVimPort(new URL(vcUrl));

        // create a ManagedObjectReference to the ServiceInstance
        ManagedObjectReference siMOR = new ManagedObjectReference();
        siMOR.set_value("ServiceInstance");
        siMOR.setType("ServiceInstance");
       
        // retrieve ServiceContent data object from ServiceInstance
        ServiceContent sc = vimService.retrieveServiceContent(siMOR);
       
        // log in with Session Manager
        ManagedObjectReference sessionMOR = sc.getSessionManager();
        // SSPIHelper prefixes vcHost with "HOST/" to form the target name the token is
        // requested for. NOTE(review): the server can only accept a Kerberos token issued
        // for a principal it owns - confirm that "HOST/<vcHost>" is the right one and that
        // vcHost is the name registered for it (FQDN vs. short name vs. IP address).
        SSPIHelper sh = new SSPIHelper(vcHost);
        // Base64 text of the client token produced by the local SSPI calls in SSPIHelper.
        String token = sh.InitializeClient();
        // The third argument is passed as null.
        // NOTE(review): when the server needs another negotiation leg, the vSphere API
        // reports it as an SSPIChallenge fault carrying a Base64 server token. Nothing here
        // catches that fault, and SSPIHelper has already released its security context by
        // the time this call is made, so a challenge could not be answered.
        UserSession us = vimService.loginBySSPI(sessionMOR, token, null);

 

The helper class is below:


package SSPI;

import com.sun.jna.NativeLong;
import com.sun.jna.platform.win32.Secur32;
import com.sun.jna.platform.win32.Sspi;
import com.sun.jna.platform.win32.Sspi.CredHandle;
import com.sun.jna.platform.win32.Sspi.CtxtHandle;
import com.sun.jna.platform.win32.Sspi.SecBufferDesc;
import com.sun.jna.platform.win32.Sspi.TimeStamp;
import com.sun.jna.platform.win32.W32Errors;
import com.sun.jna.ptr.NativeLongByReference;

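/**
 * Produces the client-side Kerberos token, through the Windows SSPI functions exposed by
 * JNA's {@code Secur32}, that a caller can hand to a login call expecting a Base64 SSPI
 * token.
 *
 * <p>No principal or authentication data is passed to {@code AcquireCredentialsHandle},
 * so the token is built from the credentials of the Windows logon session running the JVM.
 * Only the first negotiation leg is supported: the security context is released before
 * the token is returned, so a server challenge cannot be answered with this class.
 *
 * @author hildebj
 */
public class SSPIHelper {

  // Target name handed to InitializeSecurityContext. Held per instance: as a static field
  // it was overwritten by every constructor call, so a helper created for one host could
  // silently request a token for the host of a helper created later.
  private final String _sRemotePrincipal;

  /**
   * @param remotePrincipal host part of the target name; "HOST/" is prepended to it.
   *     NOTE(review): the receiving service must own this principal to accept the token -
   *     confirm the service class and host-name form against the target's registration.
   */
  public SSPIHelper(final String remotePrincipal) {
    _sRemotePrincipal = "HOST/" + remotePrincipal;
  }

  /**
   * Acquires an outbound Kerberos credential handle, runs one
   * {@code InitializeSecurityContext} leg against the target name and returns the
   * resulting client token.
   *
   * @return the client token, Base64-encoded
   * @throws Exception if the credential handle cannot be acquired, if the security
   *     context cannot be initialized, or if the package asks for a server token to
   *     continue (this method has none to supply)
   */
  public String InitializeClient() throws Exception {

    // client ----------- acquire outbound credential handle
    CredHandle phClientCredential = new CredHandle();
    TimeStamp ptsClientExpiry = new TimeStamp();
    if (Secur32.INSTANCE.AcquireCredentialsHandle(
        null,
        "Kerberos",
        new NativeLong(Sspi.SECPKG_CRED_OUTBOUND),
        null,
        null,
        null,
        null,
        phClientCredential,
        ptsClientExpiry) != W32Errors.SEC_E_OK) {
      throw new Exception ("Couldn't aquire client credentials");
    }

    // client ----------- security context
    CtxtHandle phClientContext = new CtxtHandle();
    try {
      NativeLongByReference pfClientContextAttr = new NativeLongByReference();
      SecBufferDesc pbClientToken = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, Sspi.MAX_TOKEN_SIZE);

      // First (and only) leg: there is no existing context and no server token yet.
      int clientRc = Secur32.INSTANCE.InitializeSecurityContext(
          phClientCredential,
          null,
          _sRemotePrincipal,
          new NativeLong(Sspi.ISC_REQ_CONNECTION),
          new NativeLong(0),
          new NativeLong(Sspi.SECURITY_NATIVE_DREP),
          null,
          new NativeLong(0),
          phClientContext,
          pbClientToken,
          pfClientContextAttr,
          null);

      if (clientRc == W32Errors.SEC_I_CONTINUE_NEEDED) {
        // The earlier loop called InitializeSecurityContext again here, but no server
        // token was ever assigned, so the negotiation could not advance. Fail clearly
        // instead of retrying with nothing new to offer.
        throw new Exception(
            "Security context is incomplete: a server token is required to continue ("
                + clientRc + ")");
      }
      if (clientRc != W32Errors.SEC_E_OK) {
        throw new Exception("Failed to initialize security context: " + clientRc);
      }

      // NOTE(review): sun.misc.BASE64Encoder is a JDK-internal class (absent from newer
      // JDKs) and, as far as I know, wraps its output into 76-character lines. Confirm the
      // receiver tolerates line breaks in the token, or switch to a supported encoder that
      // emits a single line.
      return new sun.misc.BASE64Encoder().encode(pbClientToken.getBytes());
    } finally {
      // Release the native handles on every path, including the failure ones, so a
      // rejected negotiation does not leak the context or the credential handle.
      if (!phClientContext.isNull()) {
        Secur32.INSTANCE.DeleteSecurityContext(phClientContext);
      }
      Secur32.INSTANCE.FreeCredentialsHandle(phClientCredential);
    }
  }
}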

 

The error I'm getting is:

Exception in thread "main" AxisFault
faultCode: ServerFaultCode
faultSubcode:
faultString: Cannot complete login due to an incorrect user name or password.
faultActor:
faultNode:
faultDetail:
{urn:vim25}InvalidLoginFault:null

Cannot complete login due to an incorrect user name or password.
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:525)
at java.lang.Class.newInstance0(Class.java:372)
at java.lang.Class.newInstance(Class.java:325)
at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer.java:104)
at org.apache.axis.encoding.ser.BeanDeserializer.<init>(BeanDeserializer.java:90)
at com.vmware.vim25.InvalidLogin.getDeserializer(InvalidLogin.java:87)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.apache.axis.encoding.ser.BaseDeserializerFactory.getSpecialized(BaseDeserializerFactory.java:154)
at org.apache.axis.encoding.ser.BaseDeserializerFactory.getDeserializerAs(BaseDeserializerFactory.java:84)
at org.apache.axis.encoding.DeserializationContext.getDeserializer(DeserializationContext.java:464)
at org.apache.axis.encoding.DeserializationContext.getDeserializerForType(DeserializationContext.java:547)
at org.apache.axis.message.SOAPFaultDetailsBuilder.onStartChild(SOAPFaultDetailsBuilder.java:157)
at org.apache.axis.encoding.DeserializationContext.startElement(DeserializationContext.java:1035)
at org.apache.xerces.parsers.AbstractSAXParser.startElement(Unknown Source)
at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanStartElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:392)
at org.apache.axis.encoding.DeserializationContext.parse(DeserializationContext.java:227)
at org.apache.axis.SOAPPart.getAsSOAPEnvelope(SOAPPart.java:696)
at org.apache.axis.Message.getSOAPEnvelope(Message.java:435)
at org.apache.axis.handlers.soap.MustUnderstandChecker.invoke(MustUnderstandChecker.java:62)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:206)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.vmware.vim25.VimBindingStub.loginBySSPI(VimBindingStub.java:47475)

