Skip to Content
0
Dec 04, 2006 at 03:13 PM

SPNego authentication does not work at two clients SP18

35 Views

Hello SDN,

we have implemented the SPNego Authentication for our Portal. It works fine for the most user.

But at two of these users we facing the following problem. The authentication fails with response code 401. The log of the j2ee reports the following:

#1.5#0030058016C00013000000000000350C000423C467D392DF#1165226371530#com.sap.security.core.server.jaas.SPNegoLoginModule#sap.com/irj#com.sap.security.core.server.jaas.SPNegoLoginModule#Guest#2####2315a2a0837e11dbaacc0030058016c0#SAPEngine_Application_Thread[impl:3]_10##0#0#Error##Java###Decoding error in parsing of spnego token.

[EXCEPTION]

#1#iaik.asn1.CodingException: Error reading ASN.1 datastructure: null at iaik.asn1.DerCoder.decode(Unknown Source) at com.sap.security.core.server.jaas.SPNegoLoginModule.doHandshake(SPNegoLoginModule.java:573) at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:321) at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:154) at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69) at java.security.AccessController.doPrivileged(Native Method) at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:170) at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607) at javax.security.auth.login.LoginContext.login(LoginContext.java:534) at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:86) at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:303) at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96) at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186) at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:545) at java.security.AccessController.doPrivileged(Native Method) at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321) at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377) at com.sap.portal.navigation.Gateway.service(Gateway.java:101) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325) at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887) at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241) at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92) at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148) at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33) at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41) at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37) at java.security.AccessController.doPrivileged(Native Method) at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100) at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170) # #1.5#0030058016C00013000000010000350C000423C467D397D3#1165226371546#com.sap.security.core.server.jaas.SPNegoLoginModule#sap.com/irj#com.sap.security.core.server.jaas.SPNegoLoginModule#Guest#2####2315a2a0837e11dbaacc0030058016c0#SAPEngine_Application_Thread[impl:3]_10##0#0#Error##Plain###Error during handshake (has already been reported). Authentication failed.# #1.5#0030058016C00013000000030000350C000423C467D454E3#1165226371593#com.sap.security.core.imp#sap.com/irj#com.sap.security.core.imp.[cf=com.sap.security.core.sapmimp.logon.SAPMLogonLogic][md=doLogon][cl=20293]#Guest#2####2315a2a0837e11dbaacc0030058016c0#SAPEngine_Application_Thread[impl:3]_10##0#0#Error##Java###doLogon failed [EXCEPTION] #1#com.sap.security.core.logon.imp.UMELoginException

at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:339)

at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:367)

at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:126)

at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)

at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:545)

at java.security.AccessController.doPrivileged(Native Method)

at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)

at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)

at com.sap.portal.navigation.Gateway.service(Gateway.java:101)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)

at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)

at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)

at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)

at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)

at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)

at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)

#

#1.5#0030058016C00013000000040000350C000423C467D4700D#1165226371593#com.sap.security.core.util#sap.com/irj#com.sap.security.core.util.[cf=com.sap.security.core.util.ResourceBean][md=print][cl=17007]#Guest#2####2315a2a0837e11dbaacc0030058016c0#SAPEngine_Application_Thread[impl:3]_10##0#0#Error##Java###Message ID (UNKNOWN_ERROR) not found in properties files-UNKNOWN_ERROR

[EXCEPTION]

#1#java.util.MissingResourceException: Can't find resource for bundle java.util.PropertyResourceBundle, key UNKNOWN_ERROR at java.util.ResourceBundle.getObject(ResourceBundle.java:325) at java.util.ResourceBundle.getObject(ResourceBundle.java:322) at java.util.ResourceBundle.getString(ResourceBundle.java:285) at com.sap.security.core.util.ResourceBean.getString(ResourceBean.java:115) at com.sap.security.core.util.ResourceBean.print(ResourceBean.java:129) at sapportalsjspumLogonPage.subDoContent(_sapportalsjsp_umLogonPage.java:514) at sapportalsjspumLogonPage.doContent(_sapportalsjsp_umLogonPage.java:67) at sapportalsjspumLogonPage.service(_sapportalsjsp_umLogonPage.java:47) at com.sapportals.portal.prt.core.broker.PortalComponentItemFacade.service(PortalComponentItemFacade.java:360) at com.sapportals.portal.prt.core.broker.PortalComponentItem.service(PortalComponentItem.java:934) at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:435) at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:527) at com.sapportals.portal.prt.component.AbstractComponentResponse.include(AbstractComponentResponse.java:89) at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:232) at com.sap.security.core.logonadmin.ComponentAccessToLogic.gotoPage(ComponentAccessToLogic.java:109) at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.doLogon(SAPMLogonLogic.java:994) at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.executeRequest(SAPMLogonLogic.java:240) at com.sapportals.portal.ume.component.logon.SAPMLogonComponent.doContent(SAPMLogonComponent.java:36) at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:209) at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114) at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328) at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136) at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189) at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215) at com.sapportals.portal.ume.component.logon.SAPMLogonCertComponent.doContent(SAPMLogonCertComponent.java:33) at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:209) at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114) at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328) at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136) at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189) at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215) at com.sapportals.portal.prt.pom.PortalNode.service(PortalNode.java:646) at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328) at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136) at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189) at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:753) at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240) at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:545) at java.security.AccessController.doPrivileged(Native Method) at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321) at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377) at com.sap.portal.navigation.Gateway.service(Gateway.java:101) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390) at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347) at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325) at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887) at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241) at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92) at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148) at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33) at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41) at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37) at java.security.AccessController.doPrivileged(Native Method) at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100) at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170) # #1.5#0030058016C00013000000050000350C000423C467D482FC#1165226371593#com.sap.security.core.util#sap.com/irj#com.sap.security.core.util.[cf=com.sap.security.core.util.ResourceBean][md=print][cl=17007]#Guest#2####2315a2a0837e11dbaacc0030058016c0#SAPEngine_Application_Thread[impl:3]_10##0#0#Error##Java###Message ID (UNKNOWN_ERROR) not found in properties files-UNKNOWN_ERROR [EXCEPTION] #1#java.util.MissingResourceException: Can't find resource for bundle java.util.PropertyResourceBundle, key UNKNOWN_ERROR

at java.util.ResourceBundle.getObject(ResourceBundle.java:325)

at java.util.ResourceBundle.getObject(ResourceBundle.java:322)

at java.util.ResourceBundle.getString(ResourceBundle.java:285)

at com.sap.security.core.util.ResourceBean.getString(ResourceBean.java:115)

at com.sap.security.core.util.ResourceBean.print(ResourceBean.java:129)

at sapportalsjspumLogonPage.subDoContent(_sapportalsjsp_umLogonPage.java:514)

at sapportalsjspumLogonPage.doContent(_sapportalsjsp_umLogonPage.java:67)

at sapportalsjspumLogonPage.service(_sapportalsjsp_umLogonPage.java:47)

at com.sapportals.portal.prt.core.broker.PortalComponentItemFacade.service(PortalComponentItemFacade.java:360)

at com.sapportals.portal.prt.core.broker.PortalComponentItem.service(PortalComponentItem.java:934)

at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:435)

at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:527)

at com.sapportals.portal.prt.component.AbstractComponentResponse.include(AbstractComponentResponse.java:89)

at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:232)

at com.sap.security.core.logonadmin.ComponentAccessToLogic.gotoPage(ComponentAccessToLogic.java:109)

at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.executeRequest(SAPMLogonLogic.java:259)

at com.sapportals.portal.ume.component.logon.SAPMLogonComponent.doContent(SAPMLogonComponent.java:36)

at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:209)

at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)

at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)

at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)

at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)

at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215)

at com.sapportals.portal.ume.component.logon.SAPMLogonCertComponent.doContent(SAPMLogonCertComponent.java:33)

at com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:209)

at com.sapportals.portal.prt.component.AbstractPortalComponent.service(AbstractPortalComponent.java:114)

at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)

at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)

at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)

at com.sapportals.portal.prt.component.PortalComponentResponse.include(PortalComponentResponse.java:215)

at com.sapportals.portal.prt.pom.PortalNode.service(PortalNode.java:646)

at com.sapportals.portal.prt.core.PortalRequestManager.callPortalComponent(PortalRequestManager.java:328)

at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:136)

at com.sapportals.portal.prt.core.PortalRequestManager.dispatchRequest(PortalRequestManager.java:189)

at com.sapportals.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:753)

at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:240)

at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:545)

at java.security.AccessController.doPrivileged(Native Method)

at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)

at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)

at com.sap.portal.navigation.Gateway.service(Gateway.java:101)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)

at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)

at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)

at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)

at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)

at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)

at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)

*********************************************************************************************

One user is able to authenticate to the production system but not able to authenticate to the test system. The second user is not able to authenticate at both via SPNego.

I have found the follwoing SAP Note: 934138 and the Microsoft note KB902409.

The clients seems to be send a NTLM instead of a Kerberos token.

Both does not help.

Do you have any idea what to do.

Thanks.

Best Regards.

Olaf Reis