Skip to Content

Can you give any clues to crystal exception during kerberos sso attempt into cms on linux?

Credential
client: boeuser2@WAR.COM
session key: [23, 23 db 9d ba bd 47 c3 ad d6 9d 87 a5 95 60 ca 7a ]
service principal: krbtgt/WAR.COM@WAR.COM
valid from: Thu Apr 05 11:28:45 UTC 2018
valid till: Thu Apr 05 21:28:45 UTC 2018
renewable till: Thu Apr 12 11:28:45 UTC 2018
Ticket:
encryption type: 23
key version num: 2
service principal: krbtgt/WAR.COM@WAR.COM
ticket flags: forwardable forwarded renewable preauthent
valid for: all addresses
++++++++++++++++++++++++++++
[DEBUG] Thu Apr 05 14:05:50 UTC 2018 jcsi.kerberos: ** creating application response .. **
with key
[23, ab c1 a9 e3 e8 73 45 d6 a4 3b d2 9a 53 27 2d ce ]
[DEBUG] Thu Apr 05 14:05:50 UTC 2018 jcsi.kerberos: created application response:

++++ KRB-AP-REP Message ++++
encryption type: 23
sequence number: 69992197
sub session key: null
client time: Thu Apr 05 14:05:49 UTC 2018
cusec: 3291
++++++++++++++++++++++++++++
com.crystaldecisions.sdk.exception.SDKException$InvalidArg: The argument has an invalid value null (FWM 02024)
at com.crystaldecisions.sdk.occa.security.internal.SecuritySession.decodeSerializedSession(SecuritySession.java:931)

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Apr 09 at 11:37 AM

    If the CMS is on Linux is cannot support kerberos SSO, what method are you using? You can still use the Microsoft spnego to capture the username, trusted auth remote user to use it to logon, and map groups in LDAP to provide account synchronization. That error seems to indicate that the user attempting SSO is not able to delegate, however more information would need to be known for full context, such as current configuration.

    Below is the standard AD SSO config for non Windows BI servers. Also to note you should edit your post to remove specific usernames and info about your organization

    https://apps.support.sap.com/sap/support/knowledge/preview/en/1965433

    -Tim

    Add comment
    10|10000 characters needed characters exceeded

  • Apr 11 at 02:16 PM

    Thank you Tim. I forgot that I had submitted this question. The answer was a setting in one of the properties files (I don't remember which one).

    Sso into CMC/BI via kerberos is working now. I'm documenting the entire process. I'd be more than happy to send you the doc when I am finished.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 08 at 04:18 PM

    Hi Daniel

    I am having exactly the same issue on AIX, did you manage to document the change that proved sucessful?

    Thanks

    Matt

    Add comment
    10|10000 characters needed characters exceeded