Skip to Content

Can you give any clues to crystal exception during kerberos sso attempt into cms on linux?

Apr 05 at 03:25 PM


avatar image

client: boeuser2@WAR.COM
session key: [23, 23 db 9d ba bd 47 c3 ad d6 9d 87 a5 95 60 ca 7a ]
service principal: krbtgt/WAR.COM@WAR.COM
valid from: Thu Apr 05 11:28:45 UTC 2018
valid till: Thu Apr 05 21:28:45 UTC 2018
renewable till: Thu Apr 12 11:28:45 UTC 2018
encryption type: 23
key version num: 2
service principal: krbtgt/WAR.COM@WAR.COM
ticket flags: forwardable forwarded renewable preauthent
valid for: all addresses
[DEBUG] Thu Apr 05 14:05:50 UTC 2018 jcsi.kerberos: ** creating application response .. **
with key
[23, ab c1 a9 e3 e8 73 45 d6 a4 3b d2 9a 53 27 2d ce ]
[DEBUG] Thu Apr 05 14:05:50 UTC 2018 jcsi.kerberos: created application response:

++++ KRB-AP-REP Message ++++
encryption type: 23
sequence number: 69992197
sub session key: null
client time: Thu Apr 05 14:05:49 UTC 2018
cusec: 3291
com.crystaldecisions.sdk.exception.SDKException$InvalidArg: The argument has an invalid value null (FWM 02024)

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Best Answer
Tim Ziemba
Apr 09 at 11:37 AM

If the CMS is on Linux is cannot support kerberos SSO, what method are you using? You can still use the Microsoft spnego to capture the username, trusted auth remote user to use it to logon, and map groups in LDAP to provide account synchronization. That error seems to indicate that the user attempting SSO is not able to delegate, however more information would need to be known for full context, such as current configuration.

Below is the standard AD SSO config for non Windows BI servers. Also to note you should edit your post to remove specific usernames and info about your organization


10 |10000 characters needed characters left characters exceeded
Daniel Boquist Apr 11 at 02:16 PM

Thank you Tim. I forgot that I had submitted this question. The answer was a setting in one of the properties files (I don't remember which one).

Sso into CMC/BI via kerberos is working now. I'm documenting the entire process. I'd be more than happy to send you the doc when I am finished.

10 |10000 characters needed characters left characters exceeded