Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Showing results for 
Search instead for 
Did you mean: 

SPNEGO for SSO into Portal

Former Member
0 Kudos

Hi,

I downloaded & installed the new SAP SPNEGO add-on into the NW7.01 portal. I went through the installation, which all worked, & was able to open Portal without signon/password.

We then faced problems as the AD team had created the keytab with DES encryption which doesn't work with Windows 7. Got the keytab re-created using RC4-HMAC, and replaced the keytab using the configuration wixard.

I am now unable to open the portal without logon/password. The error in the trace shows :

com.sap.security.spnego.SPNEGOProtocolException: No key (etype: 3) for realm ---

Any clues as to what this message means?

Gill

7 REPLIES 7

Former Member
0 Kudos

Hi Gillian,

This is a Basis/Infrastructure question

Why dont you go to this link

http://help.sap.com/saphelp_nw70/helpdata/en/45/40a0de773a7527e10000000a114a6b/frameset.htm

and see if you have followed all the appropriate steps.

former_member182254
Active Participant
0 Kudos

Hi Gillian,

If you want to switch to RC4-HMAC encyrption type then please ask the AD administrator to disable DES encryption algorithms for the JEE service user. This is done in "Active Directory Users and Computers" tool -> double click the JEE service user -> select "Account" tab -> "Account options" -> unselect "Use DES ecryption types for this account".

Regards,

Dimitar

Former Member
0 Kudos

Hi Gillian Hanlon ,

Were you able to resolve this issue

we are also getting the similar error "The file you have selected does not contain any valid encryption keys

for the realm........" when trying to confiure spnego for RC4-HMAC encryptoin.

Thanks and regards

Basit

0 Kudos

Hi,

Have you solved this? I get the same error when trying to upload the keytab file...

Your help is much appreciated.

kind regards,

Clinton

0 Kudos

Hi Basit,

The error you get means that the keytab does not contain DES or RC4 keys for the selected realm. Could you please check with klist -e -f -k -K keytab what keys the file contains and for which principal/realm? If necessary re-genearte the file with ktab tool from JDK 1.5 or 1.6.

Regards,

Dimitar

0 Kudos

Hi Ray,

See my reply to Basit. Please double check that the keytab contains keys for the realm your are trying to configure. In doubt re-generate the file with ktab tool from JDK 1.5 or 1.6.

Regards,

Dimitar

Former Member
0 Kudos

Hi Everyone,

Thanks you for the help. My problem turned out to be 2 users in AD with the same SPN assigned to them. Once the duplicate was removed, all was fine.

Gill