Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GSS Exception with SPNego authentication

cdumont69
Contributor

‎12-14-2006 9:39 AM

0 Kudos

Hello,

Does anybody know why The configuration of the SSO seam work with Diagtool but still have error ?

When test with diagtool I can see the SAP Logon Ticket generation :

<i>

principal is svc-appl-j2ee-qp1-cr@CR.EURO.CORP

>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType

>>>crc32: a6f84b53

>>>crc32: 10100110111110000100101101010011

>>> KrbAsReq calling createMessage

>>> KrbAsReq in createMessage

>>> KrbAsReq etypes are: 1

>>> KrbKdcReq send: kdc=sma2004.cr.euro.corp UDP:88, timeout=30000, number of retries =3, #bytes=237

>>> KDCCommunication: kdc=sma2004.cr.euro.corp UDP:88, timeout=30000,Attempt =1, #bytes=237

>>> KrbKdcReq send: #bytes read=1396

>>> KrbKdcReq send: #bytes read=1396

>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType

>>>crc32: 24ef6e2d

>>>crc32: 100100111011110110111000101101

>>> KrbAsRep cons in KrbAsReq.getReply svc-appl-j2ee-qp1-cr

Added server's keyKerberos Principal svc-appl-j2ee-qp1-cr@CR.EURO.CORPKey Version 0key EncryptionKey: keyType=1 keyBytes (hex dump)=

0000: 5E E9 64 A2 7A 1A C7 91

[Krb5LoginModule] added Krb5Principal svc-appl-j2ee-qp1-cr@CR.EURO.CORP to Subject

Commit Succeeded

Found ticket for svc-appl-j2ee-qp1-cr@CR.EURO.CORP to go to krbtgt/CR.EURO.CORP@CR.EURO.CORP expiring on Thu Dec 14 20:20:20 CET 2006

Entered Krb5Context.initSecContext with state=STATE_NEW

Service ticket not found in the subject

>>> Credentials acquireServiceCreds: same realm

>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType

>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType

>>>crc32: 59485094

>>>crc32: 1011001010010000101000010010100

>>> KrbKdcReq send: kdc=sma2004.cr.euro.corp UDP:88, timeout=30000, number of retries =3, #bytes=1353

>>> KDCCommunication: kdc=sma2004.cr.euro.corp UDP:88, timeout=30000,Attempt =1, #bytes=1353

>>> KrbKdcReq send: #bytes read=1332

>>> KrbKdcReq send: #bytes read=1332

>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType

>>>crc32: 5c8f32b5

>>>crc32: 1011100100011110011001010110101

>>> KrbApReq: APOptions are 00100000 00000000 00000000 00000000

>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType

>>>crc32: 1551bf46

>>>crc32: 10101010100011011111101000110

Krb5Context setting mySeqNumber to: 1508

Created InitSecContextToken:

0000: 30 31 20 30 30 20 36 65 20 38 32 20 30 34 20 64 01 00 6e 82 04 d

0010: 38 20 33 30 20 38 32 20 30 34 20 64 34 20 61 30 8 30 82 04 d4 a0

0020: 20 30 33 20 30 32 20 30 31 20 30 35 20 61 31 20 03 02 01 05 a1

0030: 30 33 20 30 32 20 30 31 20 30 65 20 61 32 20 30 03 02 01 0e a2 0

0040: 37 20 30 33 20 30 35 20 30 30 20 32 30 20 30 30 7 03 05 00 20 00

....

YIIFFAYGKwYBBQUCoIIFCDCCBQSgDTALBgkqhkiG9xIBAgKiggTxBIIE7WCCBOkGCSqGSIb3EgECAgEAboIE2DCCBNSgAwIBBaEDAgEOogcDBQAgAAAAo4ID/GGCA/gwggP0oAMCAQWhFBsSQ1IuRVVST0NPUFRFUi5DT1JQoi0wK6ADAgEAoSQwIhsESFRUUBsac21hNTEwMS5jci5ldXJvY29wdGVyLmNvcnCjggOmMIIDoqADAgEDoQMCAQOiggOUBIIDkG75O3Ax6/W3ZBr9Y9jdk3o0PonSQzgyVtLijzU3HpW5TOuPXQIh6Nxqoj7hHff2t9Zjz1VajLNrsCgy9MabURLiCvcL/GMpHIIC8H69JG2/xgWD2JAWUiSkeIWUkVMijj6Sl80uGOe7GH4RGYDkofUcGqrjfgA/yyu3wdTbPHoNOVk0A1FC78BjCZXPdZepiE6ECx0TFUhlGuqyoSk6zAhf6qD7AZrDbiHDQDdpjBcqLsJQ1ytMfa5gV8ayPid9UUaD8J/fLJR2nOCB2sRLtbsjJGB5sto1fYXieZEkPEIQaXBDmpGJFzs2tUQIALOQ9ABE2ZFH8xSo2L86IyczVqrne0wuENjMOaUtztynJKVMzO1T/I8OkC2ENJwfUaqP6xOr7uWsunpcwJFghmnRy05SRub1Ja4oQ74xtiRKdBHLFVZSpeVqYrMM3ofn1oWcljkHcz/ZpuZtyNcrpvI909lku7P3rbyHUuj7keS1YL/qy6TMOVbnSMfl1w5NLOzFgY3GkXyrajFaAYyi9e8Ls68i79s6OWyKwwZqYCfZF1hLOFCJtGZtmoglIdJur05QL7lv3hmYW70RpX4ZcFEcrJgwLmPSuch2yhTmMvtA9LwGOQHoMwPfcu51bYUnj85Qnw4Z2AhQzbS3fcyGjgmK/pitcWsGYSGV3DIrysxA9yOIRNyuoDmjV9zPMpIQkgIweaKSYyhPdyDpmcOZt/scozmS6y/Dw5EPWPEaYJtNlkKirbPO8K7ouXjDF73P88zNiJb17Mo76jZNu1L7SX9bYqftwsItndbVGvetIYhsjSm/a6LQ2dK0knidEhYLU5pqfyQJfMhCocdvS7SrPIFOfROvpcybJB1nhXy/41EppdC1fSdgsw/9buAOvAIxzqDLLGrruFFdFGaZ0OPfG/UbG0lCBD3XLF7RHpuZSiq9j6gbAFGqKno4Ek5cnALf2Pl0yKfEv7V5HQ68fdaLKHQEh9Co2iIU3JjP3o4/01jMJ9DQQrOWqAVKHfNAvgFXBLkeSsWqoKd4jcW4vTQo7jg31L1KGUIwD/KsA5Whf96NRaYkdkJ1hOtu6U0Wa9hnUguEeCEnZThmEjmVpcq/MoFyD0VRSSWABVQvlPkza3jbZAC20v/lEWX3OIS3tYHde4XtDkXfgDK6teHRoyMNxMe7aklqpElfpHljWvNiYHuV2qSBvjCBu6ADAgEBooGzBIGw5k5ByTyb2WoeRK8B6RU4PVuY6vuLY9YwrryPADeF2X0ipcLNQp1G5647FBhWsPJ3bTfnHmeeDaN194bypsX31upTQJclXOWZpQjcbzWobTbEdTBKX/qovFCqBECyaRlvIoyTqZ3yeKVPBvb/fxQocbEXc238T2N7tF1216GLOCJp2tACigeuicy3VDkFG3xgShgR3nkMM3rLN27ateBMo2BAzc6cpWpB7X/aFp9cY=

REQUEST:

GET /irj/portal HTTP/1.1

Accept: /

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: sma5101.cr.euro.corp:50000

RESPONSE:

HTTP/1.1 200 OK

Server: SAP J2EE Engine/6.40

Content-Type: text/html; charset=UTF-8

Set-Cookie: saplb_*=(J2EE6546500)6546550; Version=1; Path=/

Content-Language: en-US

expires: 0

Date: Thu, 14 Dec 2006 09:20:24 GMT

Transfer-Encoding: chunked

Set-Cookie: PortalAlias=portal; Path=/

Set-Cookie: JSESSIONID=(J2EE6546500)ID1618386550DB00080547440132448776End; Version=1; Domain=.cr.euro.corp; Path=/

=====================================================================

REQUEST:

GET /irj/portal HTTP/1.1

Authorization: Negotiate YIIFFAYGKwYBBQUCoIIFCDCCBQSgDTALBgkqhkiG9xIBAgKiggTxBIIE7WCCBOkGCSqGSIb3EgECAgEAboIE2DCCBNSgAwIBBaEDAgEOogcDBQAgAAAAo4ID/GGCA/gwggP0oAMCAQWhFBsSQ1IuRVVST0NPUFRFUi5DT1JQoi0wK6ADAgEAoSQwIhsESFRUUBsac21hNTEwMS5jci5ldXJvY29wdGVyLmNvcnCjggOmMIIDoqADAgEDoQMCAQOiggOUBIIDkG75O3Ax6/W3ZBr9Y9jdk3o0PonSQzgyVtLijzU3HpW5TOuPXQIh6Nxqoj7hHff2t9Zjz1VajLNrsCgy9MabURLiCvcL/GMpHIIC8H69JG2/xgWD2JAWUiSkeIWUkVMijj6Sl80uGOe7GH4RGYDkofUcGqrjfgA/yyu3wdTbPHoNOVk0A1FC78BjCZXPdZepiE6ECx0TFUhlGuqyoSk6zAhf6qD7AZrDbiHDQDdpjBcqLsJQ1ytMfa5gV8ayPid9UUaD8J/fLJR2nOCB2sRLtbsjJGB5sto1fYXieZEkPEIQaXBDmpGJFzs2tUQIALOQ9ABE2ZFH8xSo2L86IyczVqrne0wuENjMOaUtztynJKVMzO1T/I8OkC2ENJwfUaqP6xOr7uWsunpcwJFghmnRy05SRub1Ja4oQ74xtiRKdBHLFVZSpeVqYrMM3ofn1oWcljkHcz/ZpuZtyNcrpvI909lku7P3rbyHUuj7keS1YL/qy6TMOVbnSMfl1w5NLOzFgY3GkXyrajFaAYyi9e8Ls68i79s6OWyKwwZqYCfZF1hLOFCJtGZtmoglIdJur05QL7lv3hmYW70RpX4ZcFEcrJgwLmPSuch2yhTmMvtA9LwGOQHoMwPfcu51bYUnj85Qnw4Z2AhQzbS3fcyGjgmK/pitcWsGYSGV3DIrysxA9yOIRNyuoDmjV9zPMpIQkgIweaKSYyhPdyDpmcOZt/scozmS6y/Dw5EPWPEaYJtNlkKirbPO8K7ouXjDF73P88zNiJb17Mo76jZNu1L7SX9bYqftwsItndbVGvetIYhsjSm/a6LQ2dK0knidEhYLU5pqfyQJfMhCocdvS7SrPIFOfROvpcybJB1nhXy/41EppdC1fSdgsw/9buAOvAIxzqDLLGrruFFdFGaZ0OPfG/UbG0lCBD3XLF7RHpuZSiq9j6gbAFGqKno4Ek5cnALf2Pl0yKfEv7V5HQ68fdaLKHQEh9Co2iIU3JjP3o4/01jMJ9DQQrOWqAVKHfNAvgFXBLkeSsWqoKd4jcW4vTQo7jg31L1KGUIwD/KsA5Whf96NRaYkdkJ1hOtu6U0Wa9hnUguEeCEnZThmEjmVpcq/MoFyD0VRSSWABVQvlPkza3jbZAC20v/lEWX3OIS3tYHde4XtDkXfgDK6teHRoyMNxMe7aklqpElfpHljWvNiYHuV2qSBvjCBu6ADAgEBooGzBIGw5k5ByTyb2WoeRK8B6RU4PVuY6vuLY9YwrryPADeF2X0ipcLNQp1G5647FBhWsPJ3bTfnHmeeDaN194bypsX31upTQJclXOWZpQjcbzWobTbEdTBKX/qovFCqBECyaRlvIoyTqZ3yeKVPBvb/fxQocbEXc238T2N7tF1216GLOCJp2tACigeuicy3VDkFG3xgShgR3nkMM3rLN27ateBMo2BAzc6cpWpB7X/aFp9cY=

Accept: /

Accept-Language: en-us

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

Host: sma5101.cr.euro.corp:50000

Cookie: saplb_*=(J2EE6546500)6546550; PortalAlias=portal; JSESSIONID=(J2EE6546500)ID1618386550DB00080547440132448776End

RESPONSE:

HTTP/1.1 200 OK

Server: SAP J2EE Engine/6.40

Content-Type: text/html; charset=UTF-8

Content-Language: en-US

expires: 0

Date: Thu, 14 Dec 2006 09:20:25 GMT

Transfer-Encoding: chunked

Set-Cookie: PortalAlias=portal; Path=/

=====================================================================

OK: HTTP request is successful

</i>

But I can't connect to the portal and there is a GSS Exception :

<i>

Entering method with (Objet : , javax.security.auth.login.LoginContext$SecureCallbackHandler@243809)

The options of EvaluateTicketLoginModule in [spnego] authentication stack are: [{ume.configuration.active=true}].

(Map, Properties, boolean) Entering method with ({System-ID=QP1, sap.security.auth.configuration.name=spnego, sap.security.auth.context.object=Security Context : session (2) for Guest created at Thu Dec 14 10:09:59 CET 2006}, <null>)

[ume.configuration.active]: [true]

Exiting method with [Ljava.lang.Object;@1db0c49

Entering method

Exiting method with [Ljava.lang.Object;@39dfc

The options of EvaluateTicketLoginModule in [spnego] authentication stack after merge with UME properties are: [{ume.configuration.active=true, system=QP1, client=000, j_authscheme=spnego, inclcert=0, ume.logon.httponlycookie=TRUE, alias=SAPLogonTicketKeypair, ume.logon.security.enforce_secure_cookie=FALSE, validity=8, keystore=TicketKeystore, password=}].

The options of EvaluateTicketLoginModule in [spnego] authentication stack after adding the default values are: [{ume.configuration.active=true, system=QP1, client=000, j_authscheme=spnego, inclcert=0, ume.logon.httponlycookie=TRUE, alias=SAPLogonTicketKeypair, sap.security.auth.configuration.name=spnego, ume.logon.security.enforce_secure_cookie=FALSE, validity=8, keystore=TicketKeystore, password=}].

Exiting method

My GSS name is: HTTP/sma5101.cr.euro.corp@CR.EURO.CORP

GSS name type is: 1

GSS mechanism is: 1.2.840.113554.1.2.2

Debug is true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is null KeyTab is
sma5101.cr.euro.corp\sapmnt\QP1\SYS\global\security\kerb5\krb5.cr.keytab refreshKrb5Config is true principal is HTTP/sma5101.cr.euro.corp@CR.EURO.CORP tryFirstPass is false useFirstPass is false storePass is false clearPass is false

Refreshing Kerberos configuration

>>>KinitOptions cache name is C:\Documents and Settings\SAPServiceQP1.GROUPRESOURCES\krb5cc_SAPServiceQP1

>> Acquire default native Credentials

>>> LSA contains TGT for SAPServiceQP1@CR.EURO.CORP not HTTP/sma5101.cr.euro.corp@CR.EURO.CORP

Principal is HTTP/sma5101.cr.euro.corp@CR.EURO.CORP

null credentials from Ticket Cache

principal's key obtained from the keytab

principal is HTTP/sma5101.cr.euro.corp@CR.EURO.CORP

>>> EType: sun.security.krb5.internal.crypto.DesCbcCrcEType

>>>crc32: f9941636

>>>crc32: 11111001100101000001011000110110

>>> KrbAsReq calling createMessage

>>> KrbAsReq in createMessage

>>> KrbAsReq etypes are: 1

>>> KrbKdcReq send: kdc=sma2004.cr.euro.corp UDP:88, timeout=30000, number of retries =3, #bytes=254

>>> KDCCommunication: kdc=sma2004.cr.euro.corp UDP:88, timeout=30000,Attempt =1, #bytes=254

>>> KrbKdcReq send: #bytes read=178

>>> KrbKdcReq send: #bytes read=178

>>> KDCRep: init() encoding tag is 126 req type is 11

>>>KRBError:

sTime is Thu Dec 14 10:20:21 CET 2006 1166088021000

suSec is 868082

error code is 24

error Message is Pre-authentication information was invalid

realm is CR.EURO.CORP

sname is krbtgt/CR.EURO.CORP

eData provided.

<b>[Krb5LoginModule] authentication failed

Pre-authentication information was invalid (24)

Error during credentials acquiring.

[EXCEPTION]

GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)</b>

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)

at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)

at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)

at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)

at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)

at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)

at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentials(ConfigurationHelper.java:234)

at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.<init>(ConfigurationHelper.java:118)

at com.sap.security.core.server.jaas.SPNegoLoginModule.initialize(SPNegoLoginModule.java:496)

at com.sap.engine.services.security.login.LoginContextFactory.initializeLoginContext(LoginContextFactory.java:191)

at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:130)

at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:324)

at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)

at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)

at javax.security.auth.login.LoginContext.login(LoginContext.java:534)

at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:86)

at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:303)

at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)

at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)

at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:545)

at java.security.AccessController.doPrivileged(Native Method)

at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:316)

at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:372)

at com.sap.portal.navigation.Gateway.service(Gateway.java:101)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)

at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)

at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)

at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)

at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)

at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)

at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)

Caused by: com.sap.engine.services.security.exceptions.BaseLoginException: Access Denied.

at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:230)

at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:324)

at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)

at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)

at javax.security.auth.login.LoginContext.login(LoginContext.java:534)

at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)

at java.security.AccessController.doPrivileged(Native Method)

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)

... 50 more

Caused by: javax.security.auth.login.LoginException: Pre-authentication information was invalid (24)

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:135)

at java.security.AccessController.doPrivileged(Native Method)

at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:154)

... 64 more

Caused by: KrbException: Pre-authentication information was invalid (24)

at sun.security.krb5.KrbAsRep.<init>(DashoA12275:67)

at sun.security.krb5.KrbAsReq.getReply(DashoA12275:315)

at sun.security.krb5.Credentials.acquireTGT(DashoA12275:361)

at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:576)

at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:475)

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)

... 66 more

Caused by: KrbException: Identifier doesn't match expected value (906)

at sun.security.krb5.internal.af.a(DashoA12275:134)

at sun.security.krb5.internal.at.a(DashoA12275:63)

at sun.security.krb5.internal.at.<init>(DashoA12275:58)

at sun.security.krb5.KrbAsRep.<init>(DashoA12275:53)

... 71 more

</i>

Thanks,

Regards,

Chris

2 REPLIES 2

Former Member

‎12-26-2006 12:33 PM

0 Kudos

Hello,

Do you have solutions for this error?

Thanks in advance,

Rui Ruas

cdumont69
Contributor
In response to Former Member

‎12-26-2006 1:46 PM

0 Kudos

Hello,

No sorry I don't solve this issue.

But I find that Active Directory send the domain in lower case for all login and we need upper case. If I put upper case the problem is solve but I can't change all AD user !

Regards,

Chris