Former Member
Jul 21, 2007 at 04:59 AM

Portal Single Sign-On AIX to ADS

We're attempting to implement single sign-on using SPNego on our dev portal. It is in an AIX 5.3 - IBM Java 64-bit v1.4.2 SR8 environment, and the LDAP server is Active Directory on Win2003.

After following the configuration steps, we get an "UNKNOWN_ERROR" message on the login page for the portal.

Running the diagtool gives the following error in the first step: "Error initializing lv client" followed by a string of Java classes (see below).

We have a sandbox portal running on W2K3 - Sun 32-bit JDK, and SSO is working fine there with the same krb5.conf values for the ADS server.

We've tried using both HTTP/<hostname>@REALM and host/<hostname>@REALM as the Kerberos principal in the config, with no impact on the results, and we've tried keytab files created on Windows, the Sun JDK and AIX.

We opened an OSS note today, and any SDN help would be greatly appreciated as well.

###

Output of >uname -a

AIX r02dev03 3 5 0022AF7A4C00

Output of >java -fullversion

java full version "J2RE 1.4.2 IBM AIX 5L for PowerPC (64 bit JVM) build caix64142ifx-20070509 {SR8 SAP ifix: 119818}"

Relevant diagtool error messages:

<b>Error Messages in Diagtool Header</b>

Error initializing lv client

[EXCEPTION]

com.sap.engine.services.jmx.exception.JmxConnectorException: Unable to connect to connector server.

at com.sap.engine.services.jmx.connector.p4.P4ConnectorClient.<init>(P4ConnectorClient.java:96)

at com.sap.engine.services.jmx.connector.p4.ConnectorFactory.getJmxConnector(ConnectorFactory.java:31)

at com.sap.jmx.remote.JmxConnectionFactory.getConnector(JmxConnectionFactory.java:191)

at com.sap.jmx.remote.JmxConnectionFactory.getMBeanServerConnection(JmxConnectionFactory.java:92)

at com.sap.engine.config.diagtool.util.LVClient.init(LVClient.java:149)

at com.sap.engine.config.diagtool.Launcher.run(Launcher.java:265)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)

at java.lang.reflect.Method.invoke(Method.java:391)

at com.sap.engine.config.diagtool.Launcher.main(Launcher.java:394)

Caused by: com.sap.engine.services.jndi.persistent.exceptions.NoPermissionException: Exception during getInitialContext operation. Wrong security principle/credentials. [Root exception is com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user.]

at com.sap.engine.services.jndi.InitialContextFactoryImpl.handleUserProblem(InitialContextFactoryImpl.java:512)

at com.sap.engine.services.jndi.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:366)

at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:675)

at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:257)

at javax.naming.InitialContext.init(InitialContext.java:233)

at javax.naming.InitialContext.<init>(InitialContext.java:209)

at com.sap.engine.services.jmx.connector.p4.P4ConnectorClient.<init>(P4ConnectorClient.java:69)

... 11 more

Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user.

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:180)

at java.security.AccessController.doPrivileged(AccessController.java:242)

at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:177)

at com.sap.engine.services.security.remoteimpl.login.RemoteLoginContextHelperImpl.login(RemoteLoginContextHelperImpl.java:72)

at com.sap.engine.services.security.remoteimpl.login.RemoteLoginContextHelperImplp4_Skel.dispatch(RemoteLoginContextHelperImplp4_Skel.java:64)

at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:320)

at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:198)

at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:129)

at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)

at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(AccessController.java:215)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)

Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Authentication did not succeed.

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:177)

... 13 more

Error initializing lc client

[EXCEPTION]

com.sap.engine.services.jmx.exception.JmxConnectorException: Unable to connect to connector server.

at com.sap.engine.services.jmx.connector.p4.P4ConnectorClient.<init>(P4ConnectorClient.java:96)

at com.sap.engine.services.jmx.connector.p4.ConnectorFactory.getJmxConnector(ConnectorFactory.java:31)

at com.sap.jmx.remote.JmxConnectionFactory.getConnector(JmxConnectionFactory.java:191)

at com.sap.jmx.remote.JmxConnectionFactory.getMBeanServerConnection(JmxConnectionFactory.java:92)

at com.sap.engine.config.diagtool.util.LCClient.init(LCClient.java:163)

at com.sap.engine.config.diagtool.Launcher.run(Launcher.java:275)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)

at java.lang.reflect.Method.invoke(Method.java:391)

at com.sap.engine.config.diagtool.Launcher.main(Launcher.java:394)

Caused by: com.sap.engine.services.jndi.persistent.exceptions.NoPermissionException: Exception during getInitialContext operation. Wrong security principle/credentials. [Root exception is com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user.]

at com.sap.engine.services.jndi.InitialContextFactoryImpl.handleUserProblem(InitialContextFactoryImpl.java:512)

at com.sap.engine.services.jndi.InitialContextFactoryImpl.getInitialContext(InitialContextFactoryImpl.java:366)

at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:675)

at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:257)

at javax.naming.InitialContext.init(InitialContext.java:233)

at javax.naming.InitialContext.<init>(InitialContext.java:209)

at com.sap.engine.services.jmx.connector.p4.P4ConnectorClient.<init>(P4ConnectorClient.java:69)

... 11 more

Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user.

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:180)

at java.security.AccessController.doPrivileged(AccessController.java:242)

at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:177)

at com.sap.engine.services.security.remoteimpl.login.RemoteLoginContextHelperImpl.login(RemoteLoginContextHelperImpl.java:72)

at com.sap.engine.services.security.remoteimpl.login.RemoteLoginContextHelperImplp4_Skel.dispatch(RemoteLoginContextHelperImplp4_Skel.java:64)

at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:320)

at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:198)

at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:129)

at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)

at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(AccessController.java:215)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)

Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Authentication did not succeed.

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:177)

... 13 more

<b>Error Messages in Step 5</b>

Error connecting to the LDAP server

[EXCEPTION]

javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]

at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3005)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)

at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2752)

at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2666)

at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:307)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190)

at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:208)

at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151)

at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:81)

at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:675)

at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:257)

at javax.naming.InitialContext.init(InitialContext.java:233)

at javax.naming.InitialContext.<init>(InitialContext.java:209)

at com.sap.engine.config.diagtool.lib.ldap.LDAPServer.connect(LDAPServer.java:99)

at com.sap.engine.config.diagtool.tests.authentication.krb.MSActiveDirectoryKrbTest.checkServiceUser(MSActiveDirectoryKrbTest.java:153)

at com.sap.engine.config.diagtool.tests.authentication.krb.MSActiveDirectoryKrbTest.execute(MSActiveDirectoryKrbTest.java:127)

at com.sap.engine.config.diagtool.Task.execute(Task.java:55)

at com.sap.engine.config.diagtool.Launcher.run(Launcher.java:343)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)

at java.lang.reflect.Method.invoke(Method.java:391)

at com.sap.engine.config.diagtool.Launcher.main(Launcher.java:394)

<b>Error Messages in Step 8</b>

LC client was not initialized
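
An added triage example, not part of the original post and not SAP's diagtool code: it reduces output like the above to the deepest "Caused by" per section and decodes the Active Directory sub-code in the `data` field of the LDAP error 49 line. The function name `triage`, the section regex and the sample text (abbreviated from the output above) are assumptions of this example.

```python
import re

# Win32 error values (hex) that AD puts in the "data" field of LDAP error 49.
AD_BIND_SUBCODES = {
    "525": "user not found",
    "52e": "logon failure: unknown user name or bad password",
    "530": "logon not permitted at this time",
    "531": "logon not permitted from this workstation",
    "532": "password expired",
    "533": "account disabled",
    "701": "account expired",
    "773": "user must change password",
    "775": "account locked out",
}
SECTION = re.compile(r"Error Messages in ([^<]+)")
EXC = re.compile(r"^[\w.$]+(?:Exception|Error):")
LDAP_ERR = re.compile(r"LDAP: error code (\d+) - .*?data ([0-9a-fA-F]+)")

def triage(report):
    """Return one finding per diagtool section: deepest cause and decoded LDAP error."""
    findings, cur = [], None
    for line in (raw.strip() for raw in report.splitlines()):
        m = SECTION.search(line)
        if m:
            cur = {"section": m.group(1).strip(), "root_cause": None, "ldap": None}
            findings.append(cur)
            continue
        if cur is None or line.startswith(("at ", "...")):
            continue  # stack frames carry no cause information
        if line.startswith("Caused by:"):
            cur["root_cause"] = line[len("Caused by:"):].strip()  # last one wins
        elif cur["root_cause"] is None and EXC.match(line):
            cur["root_cause"] = line
        m = LDAP_ERR.search(line)
        if m:
            sub = m.group(2).lower()
            cur["ldap"] = (int(m.group(1)), sub, AD_BIND_SUBCODES.get(sub, "unknown"))
    return findings

# Constructed sample: abbreviated from the diagtool output in the post.
SAMPLE = """\
<b>Error Messages in Diagtool Header</b>
com.sap.engine.services.jmx.exception.JmxConnectorException: Unable to connect to connector server.
at com.sap.engine.services.jmx.connector.p4.P4ConnectorClient.<init>(P4ConnectorClient.java:96)
Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Authentication did not succeed.
<b>Error Messages in Step 5</b>
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece]
<b>Error Messages in Step 8</b>
LC client was not initialized
"""
```

Calling `triage(SAMPLE)` returns three findings; the Step 5 entry carries the decoded LDAP bind failure.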