on 06-13-2017 11:11 PM
Hi, BI 4.2 SP3. Manual SSO works fine. But when doing SSO, I see the below message in the Tomcat logs. What does this mean?
Using keytab entry for: BOPRD@DOMAIN.COM
[DEBUG] Tue Jun 13 17:25:08 EDT 2017 jcsi.kerberos: ** decrypting ticket .. **
with key
Principal: BOPRD@DOMAIN.COM
Type: 1
TimeStamp: Tue Jun 13 17:25:07 EDT 2017
KVNO: -1
Key: [18, 67 2 d4 e9 19 66 7d b2 2d 55 e8 cb bc 1c 31 34 5f c2 4e 2d 17 95 ef 6d 46 fd 77 6a 8f 12 54 49 ]
[DEBUG] Tue Jun 13 17:25:08 EDT 2017 jcsi.kerberos: Could not decrypt service ticket with Key type 18, KVNO 3, Principal "HTTP/BOSERVER.DOMAIN.COM@DOMAIN.COM" using key:
Principal: [1] BOPRD@DOMAIN.COM
TimeStamp: Tue Jun 13 17:25:07 EDT 2017
KVNO: -1 EncType: 18 Key: 32 bytes, fingerprint = [69 c6 77 e3 ef 45 6e 84 b 8c 11 c4 95 0 fa 80]
Exception for this key was: com.dstc.security.kerberos.CryptoException: Integrity check failure[Note: principal names are different; this may or may not be a problem] [Note: KVNO used wildcard match, not exact match; perhaps the password used to generate this key is not the most recent password?]
[DEBUG] Tue Jun 13 17:25:08 EDT 2017 jcsi.kerberos: Caused by: com.dstc.security.kerberos.CryptoException, Integrity check failure
[DEBUG] Tue Jun 13 17:25:08 EDT 2017 jcsi.kerberos: GSS: Initiator supports: KRB5
[DEBUG] Tue Jun 13 17:25:08 EDT 2017 jcsi.kerberos: GSS: Initiator TGS key type:
This was found to be an issue with AES256 encryption.
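Added example, not part of the original thread: a Python parser for the jcsi.kerberos "Could not decrypt service ticket" block quoted above, which compares the ticket's SPN, encryption type and KVNO with the key that was tried and maps each mismatch to a check raised in this thread. The sample log is constructed from the post with the key bytes left out, and the function names are hypothetical.

```python
import re

# Constructed sample: the failure block from the post, with key bytes left out.
SAMPLE_LOG = """\
[DEBUG] Tue Jun 13 17:25:08 EDT 2017 jcsi.kerberos: Could not decrypt service ticket with Key type 18, KVNO 3, Principal "HTTP/BOSERVER.DOMAIN.COM@DOMAIN.COM" using key:
Principal: [1] BOPRD@DOMAIN.COM
TimeStamp: Tue Jun 13 17:25:07 EDT 2017
KVNO: -1 EncType: 18 Key: 32 bytes
Exception for this key was: com.dstc.security.kerberos.CryptoException: Integrity check failure
"""

ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96", 23: "rc4-hmac"}
TICKET_RE = re.compile(r'Could not decrypt service ticket with Key type (\d+), '
                       r'KVNO (-?\d+), Principal "([^"]+)"')
KEY_PRINC_RE = re.compile(r"^Principal: (?:\[\d+\] )?(\S+)", re.M)
KEY_META_RE = re.compile(r"KVNO: (-?\d+) EncType: (\d+)")

def parse_failures(log):
    """Return one dict per 'Could not decrypt service ticket' block."""
    failures = []
    for m in TICKET_RE.finditer(log):
        tail = log[m.end():]               # the tried key is printed after the header
        princ, meta = KEY_PRINC_RE.search(tail), KEY_META_RE.search(tail)
        if not (princ and meta):
            continue                       # truncated block, nothing to compare
        failures.append({
            "ticket_etype": int(m.group(1)), "ticket_kvno": int(m.group(2)),
            "ticket_spn": m.group(3), "key_principal": princ.group(1),
            "key_kvno": int(meta.group(1)), "key_etype": int(meta.group(2)),
        })
    return failures

def diagnose(f):
    """Map the mismatches in one failure to the checks suggested in the thread."""
    notes = []
    if f["key_etype"] != f["ticket_etype"]:
        notes.append("enctype mismatch between ticket and key")
    if f["key_kvno"] == -1:
        notes.append("key has no KVNO (wildcard match): may predate the current password")
    elif f["key_kvno"] != f["ticket_kvno"]:
        notes.append("stale key: regenerate the keytab")
    if f["key_principal"].lower() != f["ticket_spn"].lower():
        notes.append("ticket SPN differs from key principal: check SPN mapping with setspn -x")
    if f["ticket_etype"] in (17, 18):
        notes.append(f"{ENCTYPES[f['ticket_etype']]} keys are salted with realm and "
                     "account name: check the case of idm.princ against AD")
    return notes
```

Calling `diagnose(parse_failures(log)[0])` on a captured Tomcat log returns the list of checks to work through for the first failed decryption.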
Seems to be an issue with the keytab file.
Try using the password method for testing if SSO works, then generate a new keytab.
Hi,
1. Please run "setspn -x" on your AD DC machine and check if there is any duplicate SPN.
2. Please check your global.properties to see if the service account name (idm.princ) has the exact lowercase and uppercase as seen in AD.
Regards,
Ivan