12-16-2006 3:41 PM
Environment:
AD: Windows 2003
J2EE: SAP Web AS 7.0 SP 8
Web Client: IE 6.0
-
After running the SPNegoLoginModule Test configuration Web Application, I am getting the following error message above when trying to acquire credentials. During set 2: J2EE User Test Page, I am able to find the user i.e. user = krb5principalname, but when I get to the Acquire Credentials Test Page, I get the Failed to find any Kerberos Ticket.
I do not get this error when I test the service user only when I test another user from the Active Directory.
My Java parameters are set in the Config tool to:
Djavax.security.auth.useSubjectCredsOnly=false
I also set another setting similar to the one above:
javax.security.auth.useSubjectCredsOnly=false
The keytab file was created from the SPNego Wizard.
I am also getting the following message from diagtool tool log:
- Found no TGT in LSA
- Null credentials from Ticket cache
- Principals key obtained from the keytab
- KeyTab: load () entry length: 49; type 3
- Found key for portal-user@ABC.EC.COM
- Credentials acquired: {}
- No authscheme found that has auth template spnego (this template is created by the wizard which is using in the ticket component of the Security Provider)
- Received no SAPLogonTicket. Authenication stack: [spnego]
- No authenticated user found
Any help would be greatly appreciated! Thanks in advance!
12-16-2006 3:50 PM
I am also getting the following messages from the com.sap.security.core.server.jaas of the diagtool log file:
- User stored in usercache, key: SAP Login Ticket
- SAP Logon Ticket added to private credentials
- Entering meting with (javax.security. auth.login.LoginConext
- Header set: MYSAPSSO2=AjE
- Existing Method
- Callback Handler adviced to set SAP Login Ticket in MYSAPSSO2 cookie
- Existing method with true
- Entering method
- Exiting method with false
12-17-2006 7:03 PM
Margie,
It looks that you had reach futher than I did in setting up Kerberso on WAS.
Can you tell from high level what need to get Kerberso to work?
12-18-2006 2:30 AM
Richard, I ran the SPNego Wizard on the WAS. The Wizard steps you through setting up the krb5 file, keytab file and LoginModule for the WAS and KDC. You can download this from the service marketplace. There are also diagtool you can run after running the wizard to test you configuration. I hope this helps.
12-28-2006 12:03 PM
Hi all
Did you solve this problem?.. I am also facing this same issue
Regards
Deepu
12-28-2006 4:18 PM
It is hard to say because we have troubleshooted the issue so much. Right now, we are getting acquired credenitals errors.
12-28-2006 4:18 PM