Skip to Content
0
Former Member
Sep 07, 2007 at 11:38 PM

Active Directory Integration with WebSphere Issues

95 Views

Post Author: acarruth

CA Forum: Authentication

Hi, has anyone gotten this to work?

I followed the guide to setting it up, but I am encountering two errors, which show up in my trace:

[9/7/07 11:26:40:365 PDT] 00000046 SystemOut O [KRB_DBG_KDC] KRBError:WebContainer : 1: >>>KRBError:[9/7/07 11:26:40:365 PDT] 00000046 SystemOut O [KRB_DBG_KDC] KRBError:WebContainer : 1: sTime is Fri Sep 07 11:26:40 PDT 2007 1189189600000[9/7/07 11:26:40:365 PDT] 00000046 SystemOut O [KRB_DBG_KDC] KRBError:WebContainer : 1: suSec is 30612[9/7/07 11:26:40:365 PDT] 00000046 SystemOut O [KRB_DBG_KDC] KRBError:WebContainer : 1: error code is 52[9/7/07 11:26:40:365 PDT] 00000046 SystemOut O [KRB_DBG_KDC] KRBError:WebContainer : 1: realm is MY.DOMN.COM[9/7/07 11:26:40:365 PDT] 00000046 SystemOut O [KRB_DBG_KDC] KRBError:WebContainer : 1: sname is BOBJCentralMS/server1.my.domn.com[9/7/07 11:26:40:380 PDT] 00000046 SystemErr R java.util.MissingResourceException: Can't find resource for bundle java.util.PropertyResourceBundle, key com.ibm.security.jgss.i18n.exception.KRBResponseTooBigError

And:

...

[9/7/07 11:26:40:302 PDT] 00000046 SystemOut O [KRB_DBG_KDC] KrbKdcReq:WebContainer : 1: >>> KrbKdcReq send: #bytes read=1292[9/7/07 11:26:40:302 PDT] 00000046 SystemOut O [KRB_DBG_KDC] KrbKdcReq:WebContainer : 1: >>> KrbKdcReq send: #bytes read=1292[9/7/07 11:26:40:302 PDT] 00000046 SystemOut O [JGSS_DBG_CRED] Kerberos login complete[9/7/07 11:26:40:302 PDT] 00000046 SystemOut O [KRB_DBG_KDC] Credentials:WebContainer : 1:Client Name:myacct@MY.DOMN.COM[9/7/07 11:26:40:302 PDT] 00000046 SystemOut O [KRB_DBG_KDC] Credentials:WebContainer : 1: Session Key is Only Service Key [9/7/07 11:26:40:302 PDT] 00000046 SystemOut O [KRB_DBG_KDC] Credentials:WebContainer : 1: Session Key is Only Service Key [9/7/07 11:26:40:302 PDT] 00000046 SystemOut O [JGSS_DBG_CRED] Login successful[9/7/07 11:26:40:302 PDT] 00000046 SystemOut O [JGSS_DBG_CRED] myacct@MY.DOMN.COM added to Subject[9/7/07 11:26:40:302 PDT] 00000046 SystemOut O [JGSS_DBG_CRED] Kerberos ticket for myacct@MY.DOMN.COM added to Subject[9/7/07 11:26:40:302 PDT] 00000046 SystemOut O [JGSS_DBG_CRED] No keys to add to Subject for myacct@MY.DOMN.COM[9/7/07 11:26:40:318 PDT] 00000046 SystemOut O [KRB_DBG_KDC] Credentials:WebContainer : 1:Client Name:myacct@MY.DOMN.COM[9/7/07 11:26:40:318 PDT] 00000046 SystemOut O [KRB_DBG_KDC] Credentials:WebContainer : 1:Client Name:myacct@MY.DOMN.COM[9/7/07 11:26:40:318 PDT] 00000046 SystemOut O [KRB_DBG_KDC] KrbKdcReq:WebContainer : 1: >>> KrbKdcReq send: kdc=MY.DOMN.COM UDP:88, timeout=30000, number of retries =3, #bytes=1247[9/7/07 11:26:40:318 PDT] 00000046 SystemOut O [KRB_DBG_KDC] KrbKdcReq:WebContainer : 1: >>> KrbKdcReq send: #bytes read=119[9/7/07 11:26:40:333 PDT] 00000046 SystemOut O [KRB_DBG_KDC] KrbKdcReq:WebContainer : 1: >>> KrbKdcReq send: #bytes read=119[9/7/07 11:26:40:333 PDT] 00000046 SystemErr R com.ibm.security.krb5.Asn1Exception, status code: 906 message: Unexpected ASN1 identifier at com.ibm.security.krb5.internal.KDCRep.a(KDCRep.java:53)

It looks as though it is authenticating successfully with AD via Kerberos, but the UDP packet being sent back to WebSphere is too big for the UDP frame. Usually, this should just roll over to TCP, and then try the connection again. However, it fails to find the com.ibm.security.jgss.i18n.exception.KRBResponseTooBigError property, which causes the whole operation to fail. Can anyone lend any insight into this? We have Business Objects XI R2 SP2 RTM (all one install, not a separate SP2 install), Windows 2003 Server (bobj and domain controller) and Websphere Application Server ND 6.0.0.2.

Has anyone had any luck with Websphere?

Thanks,Allan