Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

SSO with AD Kerberos

I am getting, when using SSO with AD kerberos

HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosException: Could not decrypt service ticket with Key type 23, KVNO 2, Principal "HTTP/abc @ DOMAIN.NET" using key: Principal: HTTP/abc.domain.net @ DOMAIN.NETType: 1 TimeStamp: Wed Dec 31 16:00:00 PST 1969 KVNO: -1 Key: [23, ae 64 b5 13 e6 d3 e7 d0 6d b5 67 67 32 fa 72 c4 ] Exception for this key was: com.dstc.security.kerberos.CryptoException: Integrity check failure[Note: principal names are different; this may or may not be a problem] [Note: KVNO used wildcard match, not exact match; perhaps the password used to generate this key is not the most recent password?] )

Everything including the keytab file seems fine. Any suggestions?

replied

no, the real fix is likely to add the 2nd SPN from my 1st response. The quick fix should be to hit the FQDN and add it to the local intranet sites.

-Tim

0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question