Hi,
I would like to implement kerberos to java stack for SSO reason, but unfortunately, I faced with a trouble while configuring the system. Actually, I want to implement this for cross domain solution, but even in same AD domain I see some errors in diagtool output, below;
Creating new instance of SpNegoState (negstate= initial, mechanism.oid= null)
Acquiring credentials for realm YASARSAP.ASTRON.GRP
Looking for credentials for realm YASARSAP.ASTRON.GRP
Looking for credentials for j2ee-cr7 @ YASARSAP.ASTRON.GRP in {}
[Security Context : [Security Session (0) for J2EE_GUEST created at Wed Jul 01 17:39:15 EEST 2009]] created from parent [Security Context : [Security Session (0) for J2EE_GUEST created at Wed Jul 01 17:39:15 EEST 2009]]
Acquiring credentials for GSS name j2ee-cr7 @ YASARSAP.ASTRON.GRP
GSS name type is: 1
GSS name type 1 is :1.2.840.113554.1.2.1.1
GSS mechanism is: 1.2.840.113554.1.2.2
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is j2ee-cr7 @ YASARSAP.ASTRON.GRP tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
Refreshing Keytab
>>> KeyTabInputStream, readName(): YASARSAP.ASTRON.GRP
>>> KeyTabInputStream, readName(): j2ee-cr7
>>> KeyTab: load() entry length: 54; type: 3
principal's key obtained from the keytab
Acquire TGT using AS Exchange
on Exception : Error in some of the login modules.
java.lang.Exception
at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1175)
at com.sap.exception.BaseExceptionInfo.<init>(BaseExceptionInfo.java:263)
.
.
.
Caused by: java.lang.NullPointerException
at java.lang.StringBuffer.append(StringBuffer.java:467)
.
.
.
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentialsInCurrentThread(ConfigurationHelper.java:206)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:29)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:301)
LOGIN.FAILED
User: N/A
Authentication Stack: com.sun.security.jgss.accept
Login Module Flag Initialize Login Commit Abort Details
1. com.sun.security.auth.module.Krb5LoginModule OPTIONAL ok exception false null
#1 debug = true
#2 doNotPrompt = true
#3 principal = j2ee-cr7 @ YASARSAP.ASTRON.GRP
#4 refreshKrb5Config = true
#5 storeKey = true
#6 useKeyTab = true
#7 useTicketCache = false
Exception : Access Denied.
java.lang.Exception
at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1175)
at com.sap.exception.BaseExceptionInfo.<init>(BaseExceptionInfo.java:263)
at com.sap.engine.services.security.exceptions.BaseLoginException.<init>(BaseLoginException.java:116)
Acquiring credentials for realm YASARSAP.ASTRON.GRP failed
[EXCEPTION]
GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
I emphasise that I am using well known browsers such as IE8 and Firefox 3.0 in order to avoid problems. As far as I understand that the browser cannot send a ticket to the browser. What do you suggest about the problem?
Thank you
Orkun Gedik