cancel
Showing results for 
Search instead for 
Did you mean: 

SPNego Problem

Former Member
0 Kudos

Hello all,

I implemented the SPNego step by step using the following resource:

1. http://help.sap.com/saphelp_nw04/helpdata/en/43/4bd58c6c5e5f34e10000000a1553f6/frameset.htm

2. /people/wai-hon.lam/blog/2006/04/20/windows-integrated-authentication-via-kerberos-on-an-ldap-data-source

3. /people/vaibhav.dua2/blog/2006/04/24/kerberos-implementation-with-ads-made-easy

But it does not work and I get the following error on my default trace file:

#1.5#000C293E717300570000000600000B3800041596B6A7D17E#1149636960096#com.sap.security.core.server.jaas.SPNegoLoginModule#sap.com/irj#com.sap.security.core.server.jaas.SPNegoLoginModule#Guest#2####35c6d600f5b511da907a000c293e7173#SAPEngine_Application_Thread[impl:3]_20##0#0#Error##Plain###Configuration error in SPNegoLoginModule: javax.security.auth.login.LoginException: Acquire credentials failed.#

#1.5#000C293E7173006C0000000000000B3800041596BB88ED22#1149637041953#com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper#sap.com/irj#com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper#Guest#2####66913910f5b511da9481000c293e7173#Thread[Thread-119,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error##Java###Error during credentials acquiring.

[EXCEPTION]

#1#GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)

at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)

at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)

at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)

at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)

at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)

at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentials(ConfigurationHelper.java:234)

at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:31)

at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:341)

Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Access Denied.

at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:230)

at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:324)

at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)

at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)

at javax.security.auth.login.LoginContext.login(LoginContext.java:534)

at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)

at java.security.AccessController.doPrivileged(Native Method)

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)

... 9 more

Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:135)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:154)

After running klist -e -f -k -K D:\j2sdk1.4.2_06\bin\krb5.keytab

I get the following output:

[1] Service principal: host/portalqa.yoeldomain.com@YOELDOMAIN.COM

KVNO: 1

Key type: 3

Key: 0x86684a3e897abfd

[2] Service principal: HTTP/portalqa.yoeldomain.com@YOELDOMAIN.COM

KVNO: 9

Key type: 3

Key: 0xa82c627f51b637f4

I set my browser as indicated in my recourses. I use HTTP watch toll and set the filter for result 401 – No 401 was found.

I checked and found that UPN was set up properly.

Any Help will appreciated

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Hi,

Same error with EP7 nw 2004s sp12.

Any solution?

Thanks

JUANLG

Former Member
0 Kudos

Hello Yoel Malekan,

I have the exact sam error as you.

Did you find a sollution?