Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GSSException Mechanism level: Failed to find any Kerberos Ticket

Former Member

‎12-16-2006 3:41 PM

0 Kudos

Environment:

AD: Windows 2003

J2EE: SAP Web AS 7.0 SP 8

Web Client: IE 6.0

-

After running the SPNegoLoginModule Test configuration Web Application, I am getting the following error message above when trying to acquire credentials. During set 2: J2EE User Test Page, I am able to find the user i.e. user = krb5principalname, but when I get to the Acquire Credentials Test Page, I get the ‘Failed to find any Kerberos Ticket’.

I do not get this error when I test the service user only when I test another user from the Active Directory.

My Java parameters are set in the Config tool to:

Djavax.security.auth.useSubjectCredsOnly=false

I also set another setting similar to the one above:

javax.security.auth.useSubjectCredsOnly=false

The keytab file was created from the SPNego Wizard.

I am also getting the following message from diagtool tool log:

- Found no TGT in LSA

- Null credentials from Ticket cache

- Principal’s key obtained from the keytab

- KeyTab: load () entry length: 49; type 3

- Found key for portal-user@ABC.EC.COM

- Credentials acquired: {}

- No authscheme found that has auth template spnego (this template is created by the wizard which is using in the ticket component of the Security Provider)

- Received no SAPLogonTicket. Authenication stack: [spnego]

- No authenticated user found

Any help would be greatly appreciated! Thanks in advance!

6 REPLIES 6

Former Member

‎12-16-2006 3:50 PM

0 Kudos

I am also getting the following messages from the com.sap.security.core.server.jaas of the diagtool log file:

- User stored in usercache, key: SAP Login Ticket

- SAP Logon Ticket added to private credentials

- Entering meting with (javax.security. auth.login.LoginConext…

- Header set: MYSAPSSO2=AjE…

- Existing Method

- Callback Handler adviced to set SAP Login Ticket in MYSAPSSO2 cookie

- Existing method with true

- Entering method

- Exiting method with false

Former Member

‎12-17-2006 7:03 PM

0 Kudos

Margie,

It looks that you had reach futher than I did in setting up Kerberso on WAS.

Can you tell from high level what need to get Kerberso to work?

Former Member
In response to Former Member

‎12-18-2006 2:30 AM

0 Kudos

Richard, I ran the SPNego Wizard on the WAS. The Wizard steps you through setting up the krb5 file, keytab file and LoginModule for the WAS and KDC. You can download this from the service marketplace. There are also diagtool you can run after running the wizard to test you configuration. I hope this helps.

former_member312910
Participant

‎12-28-2006 12:03 PM

0 Kudos

Hi all

Did you solve this problem?.. I am also facing this same issue

Regards

Deepu

Former Member
In response to former_member312910

‎12-28-2006 4:18 PM

0 Kudos

It is hard to say because we have troubleshooted the issue so much. Right now, we are getting acquired credenitals errors.

Former Member
In response to former_member312910

‎12-28-2006 4:18 PM

0 Kudos

Yes, we are still having the same problem.