SPNEGO Support with AES256 encryption

martdj · August 11, 2021, 2:51pm

Hi guys,

I guess this is more a WebSphere question than a Connections question, but maybe someone looked into this. We still use old fashioned SPNEGO as SSO solution in Connections at one of our customers. Currently RC4 is used as encryption protocol for the kerberos communication. They want to replace this by AES256. Does Connections/WebSphere support this?

From what I found (for example here), this support depends on how the keytab was created. This was done a while ago and not by me. Does anyone know how to see what encryption protocols are supported in a keytab? Are there other things I should think about that will determine whether WebSphere supports AES256 for SPNEGO?

anon-1464 · August 11, 2021, 3:11pm

Hi @Martijn de Jong ,

From my point of view. SPNEGO is most like a container level authentication method. Thus, we should check if Websphere supports it or not.

Then, I check documentation on IBM, and I found some info that may help and I quote:

------------------------------------------------

The Kerberos authentication protocol relies on symmetric authentication by using shared keys and secrets. At different stages during authentication, different topology members need to encrypt or decrypt tokens.

In general, Kerberos does not restrict the encryption algorithms that are used. Administrators must be aware of the encryption algorithms that different topology members use.

Microsoft Active Directory supports Rivest Cipher 4 (RC4), Advanced Encryption Standard 128-bit (AES-128), Advanced Encryption Standard 256-bit (AES-256), and Data Encryption Standard (DES) encryption. These encryption algorithms are augmented with cryptographic hash functions such as Security Hash Algorithm (SHA) and Message Digest Algorithm 5 (MDA5). For optimal security, it is best to avoid use of DES encryption, which is considered unsecure.

Microsoft Windows 2008 R2 and later, WebSphere® Application Server Version 8 and later, and IBM JRE 6 and later all support strong encryption algorithms. Starting in Windows 2008 R2, DES is no longer the default encryption algorithm; however, it is still available for deployments with older Windows servers and clients.

------------------------------------------------

Reference Link:

https://www.ibm.com/docs/en/elm/7.0.2?topic=information-configuring-encryption

Please note, this is just a hint, hope it would help you a bit.

Thanks.

Rock

anon-827 · August 12, 2021, 1:03pm

Hi Martijn,

I can confirm that AES-256 encryption for Kerberos works. I configured it for my last installations.

The AD Admin needs to create the keytab file with AES-256 support and mark the account where the SPN is configured to allow AES-256 encryption. In the AD GUI, there is an option for it.

My WAS Server has java version "1.8.0_231". With this version, I did not modify any security files in the java folder.

On Linux, you can see what is in the keytab file by "klist -k server.keytab -e"
I suppose, your Admin needs to create a new keytab file with AES256 support which immediately invalidates the old keytab file, breaking your SSO. (Maybe you are lucky and you can create a new SPN with a different name in another AD Account.)

My krb5.conf looks like this (I removed the real company details)

[libdefaults]
default_realm = COMPANY.REALM
default_keytab_name = FILE:/opt/IBM/data/shared/SPNEGO/server.keytab
default_tkt_enctypes = aes256-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96
permitted_enctypes = aes256-cts-hmac-sha1-96
forwardable = true
renewable = true
noaddresses = true
clockskew = 300
[realms]
COMPANY.REALM = {
kdc = ad.controller.hostname:88
default_domain = ad.domain
}
[domain_realm]
.ad.domain = COMPANY.REALM

Hope this helps and I did not miss any important step/configuration.

Martin Schmidt