
Stuck with secWinAD SSO (Vintela) on BOE XI 3.1 SP3

Former Member
0 Kudos

Hello SDN,

I have made my way through the configuration guide from Tim. Everything was working fine.

Users are synced to BO OK

Login with client tools OK

Kinit with bossosvcacct OK

Commit succeeded in stdout OK

manual login to CMC / InfoView with AD user OK

"credentials obtained" OK

---

At this point dcom.wedgetail.idm.sso.password is set in Tomcat's Java parameters.

---

But:

SSO to InfoView doesn't work at all. KB 1379894 is used to set up IE on client/server.

InfoView still opens with username and password to be entered.

With Netmon on the client I get:

KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)

KerberosV5_TGS Request Realm: DOM.DOM.NET Sname: HTTP/xxx.xxx.xxx.xxx

or

KerberosV5_TGS Request Realm: DOM.DOM.NET Sname: HTTP/hostname.dom.dom.net

are both set with

setspn -a HTTP/Hostname(FQDN);IP bossosvcacct

on DC.

Is there anything I can check to get SSO working from a client?

DC is Win2k3x64 std en. Testclient is another server in same domain.

bye

Ralph

Accepted Solutions (1)


BasicTek
Advisor
0 Kudos

Are you getting this error on the server or client? S_PRINCIPAL_UNKNOWN

It means that there are either duplicated or missing SPNs, either the CMS SPN (set in the AD plugin service principal name) or the HTTP SPN(s).

We have KBs, as does Microsoft, on searching for and removing duplicate SPNs.

regards,

Tim

Former Member
0 Kudos

Hi Tim,

Thanks for the reply! Good work on the tutorial for Vintela.

I got that message on the client (for Netmon it was not recommended to run on the server itself).

And yes, you are right! It was a duplicate, not a 'not found'.

I did find Eventlog IDs on the server pointing in the right direction yesterday. I didn't have the time to post a reply.

So SSO is working. Thanks again.

bye

Ralph
