
Kerberos error: GSSHeader did not find the right t

Posted 2019-02-12 16:44

Question:

I’m trying to make a Kerberos authentication connection to a SOAP service WSDL URL. I’m able to establish the connection successfully and make service calls. After I start my server, I’m able to make a successful service call at least once. However, after a few requests (1 or more), I suddenly get an invalid token error. Once I get the error, future calls do not work and the error persists.

If I restart my server, then the service call again works at least once. And the above cycle continues.

I’m unable to figure out why the token suddenly becomes invalid, though it worked earlier. And restarting the server makes the token valid again.

Here is the error stack trace:

Caused by: GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
        at sun.security.jgss.GSSHeader.<init>(GSSHeader.java:97)
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:237)
        at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)

Answer 1:

Without seeing the Base64 value or a hex dump, I assume that the client is sending an NTLM type 1 token, and Java does not support NTLM.
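
Answer 1 asks for the Base64 value or a hex dump. The following added example (not part of the original answers) classifies the token from a Negotiate header by its leading bytes: the NTLMSSP signature versus the 0x60 application tag that begins a GSS-API initial context token. The function names and the sample tokens are constructed for illustration.

```python
import base64
import struct

NTLMSSP = b"NTLMSSP\x00"
# DER value bytes of the mechanism OIDs that can follow the 0x60 tag
MECH_OIDS = {
    bytes.fromhex("2b0601050502"): "SPNEGO (1.3.6.1.5.5.2)",
    bytes.fromhex("2a864886f712010202"): "Kerberos 5 (1.2.840.113554.1.2.2)",
}
# Constructed samples (not captured from the poster's system)
SAMPLE_NTLM = "Negotiate " + base64.b64encode(NTLMSSP + struct.pack("<II", 1, 0xE2088297)).decode()
SAMPLE_SPNEGO = "Negotiate " + base64.b64encode(bytes.fromhex("600a06062b0601050502a000")).decode()

def _skip_der_length(buf, pos):
    """Return the index just past the DER length field that starts at pos."""
    first = buf[pos]
    return pos + 1 if first < 0x80 else pos + 1 + (first & 0x7F)

def classify_token(header_value):
    """Classify the token in an Authorization / WWW-Authenticate header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm") or not b64:
        return "no Negotiate/NTLM token present"
    try:
        raw = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return "not valid Base64"
    if raw.startswith(NTLMSSP):
        if len(raw) < 12:
            return "truncated NTLMSSP message"
        (msg_type,) = struct.unpack_from("<I", raw, 8)  # little-endian type field
        return f"NTLMSSP type {msg_type} message (not a GSS-API token)"
    if raw[:1] == b"\x60":  # [APPLICATION 0]: GSS-API initial context token
        try:
            pos = _skip_der_length(raw, 1)
            if raw[pos] != 0x06:  # an OBJECT IDENTIFIER tag must come next
                return "GSS-API framing without a mechanism OID"
            oid = raw[pos + 2 : pos + 2 + raw[pos + 1]]
        except IndexError:
            return "truncated GSS-API token"
        return "GSS-API token, mechanism " + MECH_OIDS.get(oid, "unknown OID " + oid.hex())
    if raw[:1] == b"\xa1":  # SPNEGO NegTokenResp, sent on later legs
        return "SPNEGO NegTokenResp (continuation token)"
    return f"unrecognized token, first byte 0x{raw[0]:02x}" if raw else "empty token"

if __name__ == "__main__":
    for sample in (SAMPLE_NTLM, SAMPLE_SPNEGO):
        print(sample[:30] + "...", "->", classify_token(sample))
```

A Base64 value that begins with `TlRMTVNT` is the NTLMSSP signature, so that prefix alone is enough to spot an NTLM token in a captured header.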



Answer 2:

I could not find the root cause for why the token is invalid. But here is how I get around this issue.

My authentication was working the first time after I restart my server and the bean is loaded again in the context. So I changed the scope of my Spring bean to prototype so that a new proxy bean is created every time.