on 05-19-2011 3:24 PM
Hello SDN,
I have made my way through the configuration guide from Tim. Everything was working fine.
Users are synced to BO OK
Login with client tools OK
Kinit with bossosvcacct OK
Commit succeeded in stdout OK
manual login to CMC / InfoView with AD user OK
"credentials obtained" OK
---
At this point dcom.wedgetail.idm.sso.password is set in Tomcat's Java parameters
---
But:
SSO to InfoView doesn't work at all. KB 1379894 is used to set up IE on client/server.
InfoView still opens with username and password to be entered.
With Netmon on the client I get:
KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
KerberosV5_TGS Request Realm: DOM.DOM.NET Sname: HTTP/xxx.xxx.xxx.xxx
or
KerberosV5_TGS Request Realm: DOM.DOM.NET Sname: HTTP/hostname.dom.dom.net
are both set with
setspn -a HTTP/Hostname(FQDN);IP bossosvcacct
on DC.
Is there anything I can check to get SSO working from a client?
DC is Win2k3x64 std en. Testclient is another server in same domain.
bye
Ralph
Are you getting this error on the server or client? S_PRINCIPAL_UNKNOWN
It means that there are either duplicated or missing SPNs, either the CMS SPN (set in the AD plugin service principal name) or the HTTP SPN(s).
We have KBs, as does Microsoft, on searching for and removing duplicate SPNs.
regards,
Tim
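The duplicate-or-missing SPN check described in the reply above, as an added example that is not part of the thread and not SAP or Microsoft code. It assumes the servicePrincipalName attributes have been exported to LDIF text (for instance with ldifde); every account and host name in the sample is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of an LDIF export of servicePrincipalName
# values; all DNs and host names are made up for illustration.
SAMPLE_LDIF = """\
dn: CN=bossosvcacct,CN=Users,DC=dom,DC=dom,DC=net
servicePrincipalName: HTTP/bohost.dom.dom.net
servicePrincipalName: HTTP/bohost

dn: CN=BOHOST,CN=Computers,DC=dom,DC=dom,DC=net
servicePrincipalName: http/BOHOST.dom.dom.net

dn: CN=oldsvc,CN=Users,DC=dom,DC=dom,DC=net
servicePrincipalName: HTTP/a-very-long-host-name.dom
 .dom.net
"""

def parse_spns(ldif_text):
    """Return {dn: [spn, ...]} from LDIF text, joining folded lines."""
    unfolded = re.sub(r"\r?\n ", "", ldif_text)  # continuation = newline + one space
    owners, dn = defaultdict(list), None
    for line in unfolded.splitlines():
        name, sep, value = line.partition(": ")
        key = name.rstrip(":").lower()  # base64 ("::") values stay in encoded form
        if sep and key == "dn":
            dn = value.strip()
        elif sep and key == "serviceprincipalname" and dn:
            owners[dn].append(value.strip())
    return dict(owners)

def find_duplicates(owners):
    """Map each SPN registered on more than one account to those accounts."""
    seen = defaultdict(set)
    for dn, spns in owners.items():
        for spn in spns:
            seen[spn.lower()].add(dn)  # SPN comparison is case-insensitive
    return {spn: sorted(dns) for spn, dns in seen.items() if len(dns) > 1}

def check_spn(owners, spn):
    """Classify one requested SPN as 'missing', 'ok' or 'duplicate'."""
    holders = {dn for dn, spns in owners.items()
               if spn.lower() in (s.lower() for s in spns)}
    return "missing" if not holders else "ok" if len(holders) == 1 else "duplicate"

if __name__ == "__main__":
    for spn, dns in find_duplicates(parse_spns(SAMPLE_LDIF)).items():
        print("DUPLICATE", spn, "->", "; ".join(dns))
```

Both the "missing" and "duplicate" results correspond to the KDC_ERR_S_PRINCIPAL_UNKNOWN case discussed in the thread; the Sname from the failing TGS request is the value to pass to `check_spn`.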
Hi Tim,
Thanks for the reply! Good work on the tutorial for Vintela.
I got that msg on the client (for Netmon it was not recommended to run on the server itself).
And yes, you are right! It was a duplicate not a 'not found'.
I did find Eventlog-IDs on the server pointing in the right direction yesterday. I didn't have the time to post a reply.
So SSO is working. Thanks again.
bye
Ralph