AbsaOSS / login-service

AbsaOSS Common Login gateway using JWT Public key signatures
Apache License 2.0

100 using spnego similarly like in enceladus to negotiate the auth #103

Open TheLydonKing opened 3 weeks ago

TheLydonKing commented 3 weeks ago

Added Kerberos Auth that can be used: curl -i --negotiate -u : "http://localhost:9090/token/generate"

The current implementation is kind of working, but testing has been difficult to implement. Currently getting a Bad Credentials Exception. Not sure if it's the LDAP search, the keytab or the Kerberos ticket that is currently causing the issue.

closes #100

TheLydonKing commented 3 weeks ago

Excuse the messy code if anyone tries to read this, just trying to find a configuration that works. A lot of code is duplicated or in the wrong folders; this will be cleaned up once we get a working solution.

So far I have tried multiple implementations, such as those found in Enceladus as well as the official SPNEGO documentation and examples.

The current implementation is being called correctly in the security filter chain if curl -i --negotiate -u : "http://localhost:9090/token/generate" is being called. The security filter chain is also successfully skipping this auth process if Basic Auth is stipulated in the HTTP message, and then Basic Auth is used.

The current issue is that I am getting a BadCredentials exception when trying to test it using MIT Kerberos on Windows. The specific error:

2024-06-12 12:52:52.666  WARN 17980 --- [nio-9090-exec-1] w.a.SpnegoAuthenticationProcessingFilter : Negotiate Header was invalid: Negotiate XXXX

org.springframework.security.authentication.BadCredentialsException: GSSContext name of the context initiator is null

Current Hypothesis on the issue:

Is anyone able to see a different error that I perhaps missed?

TheLydonKing commented 4 days ago

Has anyone been able to test this code or find any glaring issues while I was away? I had a think about this during some time off and I don't understand what else is required to work or how to debug what the issue is. As I stated above, there are a lot of different issues that could be present.
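A triage aid for the "Negotiate Header was invalid" warning quoted in the thread, added here as an example and not part of this PR or the login-service code: it decodes the value of a Negotiate header and reports whether the client sent an SPNEGO token (and which mechanisms it offers), a bare Kerberos token, or an NTLM message. The function names and the sample token are constructed for illustration, and the parser assumes the optional mechTypes field is present.

```python
import base64

# DER-encoded mechanism OIDs (tag 0x06, length, value) and the names reported for them.
MECHS = {
    bytes.fromhex("06062b0601050502"): "spnego",              # 1.3.6.1.5.5.2
    bytes.fromhex("06092a864886f712010202"): "kerberos",      # 1.2.840.113554.1.2.2
    bytes.fromhex("06092a864882f712010202"): "ms-kerberos",   # 1.2.840.48018.1.2.2
    bytes.fromhex("060a2b06010401823702020a"): "ntlmssp",     # 1.3.6.1.4.1.311.2.2.10
}

def read_tlv(buf, pos):
    """Return (value_start, value_end) of the DER element that starts at pos."""
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def classify_negotiate(header):
    """Classify an Authorization header value as (kind, offered_mechanisms)."""
    try:
        raw = base64.b64decode(header.split()[-1], validate=True)
    except (ValueError, IndexError):     # bad alphabet or padding, or an empty header
        return "invalid-base64", []
    if raw.startswith(b"NTLMSSP\x00"):   # bare NTLM message, no GSS-API framing
        return "raw-ntlm", ["ntlmssp"]
    if raw[:1] != b"\x60":               # GSS-API initial token is [APPLICATION 0]
        return "unknown", []
    try:
        start, _ = read_tlv(raw, 0)
        _, pos = read_tlv(raw, start)    # thisMech OID
        mech = MECHS.get(raw[start:pos])
        if mech != "spnego":             # mechanism token sent without SPNEGO wrapping
            return ("raw-" + mech, [mech]) if mech else ("unknown", [])
        for _ in range(4):               # [0] NegTokenInit > SEQUENCE > [0] mechTypes > SEQUENCE OF
            pos, end = read_tlv(raw, pos)
        mechs = []
        while pos < end:                 # one OID per offered mechanism, in preference order
            _, nxt = read_tlv(raw, pos)
            mechs.append(MECHS.get(raw[pos:nxt], "other"))
            pos = nxt
        return "spnego", mechs
    except IndexError:                   # a length field points past the end of the token
        return "truncated", []

# Constructed sample (not from the PR): NegTokenInit offering Kerberos then NTLMSSP, no mechToken.
SAMPLE = "Negotiate " + base64.b64encode(bytes.fromhex(
    "602706062b0601050502a01d301ba019301706092a864886f712010202060a2b06010401823702020a")).decode()
if __name__ == "__main__":
    print(classify_negotiate(SAMPLE))
```

Pass it the full header value as logged by the filter; the first element of the result names the framing and the second lists the mechanisms in the order the client offered them.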