GSSContext with null SrcName


Staff member
I'm working a web appliaction with SSO based on the Windows domain login, for this purpose I have chosen to validate Kerberos tickets. But now I'm facing a problem for which I can't find a solution. I manage to validate a ticket without exceptions, but when I'm trying to get the userName,
is thrown, because the username is
and I don't know where is problem.

<strong>Why is user name null if I don't get any exception during the validation?</strong>

How I get userName:
String clientName = gssContext.getSrcName().toString();

I create my client based on this:

<a href="">Using GSSManager to validate a Kerberos ticket</a>

<a href="">How to obtain a kerberos service ticket via GSS-API?</a>

<a href="" rel="nofollow noreferrer"></a>

<strong>Update 1:</strong>

How I setup content, just copy-paste form here <a href=""></a>:

final Oid spnegoOid = new Oid("");

GSSManager gssmgr = GSSManager.getInstance();

// tell the GSSManager the Kerberos name of the service
GSSName serviceName = gssmgr.createName(this.servicePrincipal, GSSName.NT_USER_NAME);

// get the service's credentials. note that this run() method was called by Subject.doAs(),
// so the service's credentials (Service Principal Name and password) are already
// available in the Subject
GSSCredential serviceCredentials = gssmgr.createCredential(serviceName,
        GSSCredential.INDEFINITE_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);

// create a security context for decrypting the service ticket
GSSContext gssContext = gssmgr.createContext(serviceCredentials);

// decrypt the service ticket
System.out.println("Entering accpetSecContext...");
System.out.println( new String (Base64.encodeBase64( gssContext.acceptSecContext(this.kerberosTicket, 0,
        this.kerberosTicket.length) ) ));

// get the client name from the decrypted service ticket
// note that Active Directory created the service ticket, so we can trust it
String clientName = gssContext.getSrcName().toString();

<strong>Update 2:</strong>

If I setup spring security based on this <a href="" rel="nofollow noreferrer"></a> i also got the same error:

java.lang.NullPointerException at$
at Method) at

private static class KerberosValidateAction implements PrivilegedExceptionAction&lt;String&gt; {
    byte[] kerberosTicket;

    public KerberosValidateAction(byte[] kerberosTicket) {
        this.kerberosTicket = kerberosTicket;

    public String run() throws Exception {
        GSSContext context = GSSManager.getInstance().createContext((GSSCredential) null);
        context.acceptSecContext(kerberosTicket, 0, kerberosTicket.length);
        String user = context.getSrcName().toString(); // ERROR!
        return user;


<strong>Update 3:</strong>

Also tried change Java version from 1.8 to 1.7 as suggested here <a href="">Domain authentication with Kerberos fails</a>. No result.

<strong>Update 4:</strong>

First of all. Don't user Java 1.8 b40 and b45, both of them are broken. And don't test it on local PC, it doesn't work(I don't know why).

After changing on newest(b65) Java version, I got exception about encription(Cannot find key of appropriate type to decrypt AP REP - AES256 ...). This I have fixed by Java Cryptography Extension (JCE) for Java 1.8 and re-create keytab with
/crypto AES256-SHA1
after all this i got exception:

GSSException: Failure unspecified at GSS-API level (Mechanism level:
Checksum failed) at Source) at Source) at Source) at
... 4 more
Caused by: KrbException: Checksum failed at
Source) at
Source) at Source) at Source) at Source) at Source)
... 8 more
Caused by: Checksum
failed at
Source) at Source)
... 14 more

I tried <a href="" rel="nofollow noreferrer">this tutorial</a> and other way to create keytabfile, but i still don't have solution.