on 06-06-2006 3:08 PM
Hello all,
I implemented the SPNego step by step using the following resource:
1. http://help.sap.com/saphelp_nw04/helpdata/en/43/4bd58c6c5e5f34e10000000a1553f6/frameset.htm
2. /people/wai-hon.lam/blog/2006/04/20/windows-integrated-authentication-via-kerberos-on-an-ldap-data-source
3. /people/vaibhav.dua2/blog/2006/04/24/kerberos-implementation-with-ads-made-easy
But it does not work and I get the following error on my default trace file:
#1.5#000C293E717300570000000600000B3800041596B6A7D17E#1149636960096#com.sap.security.core.server.jaas.SPNegoLoginModule#sap.com/irj#com.sap.security.core.server.jaas.SPNegoLoginModule#Guest#2####35c6d600f5b511da907a000c293e7173#SAPEngine_Application_Thread[impl:3]_20##0#0#Error##Plain###Configuration error in SPNegoLoginModule: javax.security.auth.login.LoginException: Acquire credentials failed.#
#1.5#000C293E7173006C0000000000000B3800041596BB88ED22#1149637041953#com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper#sap.com/irj#com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper#Guest#2####66913910f5b511da9481000c293e7173#Thread[Thread-119,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error##Java###Error during credentials acquiring.
[EXCEPTION]
#1#GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentials(ConfigurationHelper.java:234)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:31)
at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:341)
Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Access Denied.
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:230)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)
... 9 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:135)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:154)
After running klist -e -f -k -K D:\j2sdk1.4.2_06\bin\krb5.keytab
I get the following output:
[1] Service principal: host/portalqa.yoeldomain.com@YOELDOMAIN.COM
KVNO: 1
Key type: 3
Key: 0x86684a3e897abfd
[2] Service principal: HTTP/portalqa.yoeldomain.com@YOELDOMAIN.COM
KVNO: 9
Key type: 3
Key: 0xa82c627f51b637f4
I set my browser as indicated in my recourses. I use HTTP watch toll and set the filter for result 401 No 401 was found.
I checked and found that UPN was set up properly.
Any Help will appreciated
Hi,
Same error with EP7 nw 2004s sp12.
Any solution?
Thanks
JUANLG
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Yoel Malekan,
I have the exact sam error as you.
Did you find a sollution?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
24 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.