Stucked with secWinAD SSO (Vintela) on BOE XI 3.1 SP3
i have made my way though the Configurationguide from Tim. Everything was working fine.
Users are synced to BO OK
Login with Clienttools OK
Kinit with bossosvcacct OK
Commit succeeded in stdout OK
manual login to CMC / InfoView with AD user OK
"credentials obtained" OK
at this point dcom.wedgetail.idm.sso.password is set in tomcats java parameters
SSO to Infoview doesnt work at all. KB 1379894 is used to setup IE on client/server.
Infoview still opens with username and password to be entered.
With Netmon on the client i get:
KerberosV5:KRB_ERROR - KDC_ERR_S_PRINCIPAL_UNKNOWN (7)
KerberosV5_TGS Request Realm: DOM.DOM.NET Sname: HTTP/xxx.xxx.xxx.xxx
KerberosV5_TGS Request Realm: DOM.DOM.NET Sname: HTTP/hostname.dom.dom.net
are both set with
setspn -a HTTP/Hostname(FQDN);IP bossosvcacct
Is there anything i can check to get SSO working from a client?
DC is Win2k3x64 std en. Testclient is another server in same domain.
Tim Ziemba replied
Are you getting this error on the server or client? S_PRINCIPAL_UNKNOWN
It means that there are either duplicated or missing SPN's either the CMS SPN (set in the AD plugin service prinicpal name) or the HTTP SPN(s)
We have KB's as does microsoft on searching and removing duplicate SPN's