02-05-2007 4:59 PM
Hi,
We are trying to configure SPNego and we are facing issues. We had done the configuration in another environment and it worked fine.
I have checked the configuration at AD end and portal end multiple
times and everything looks to be fine. Following is the error message coming in the logs.
[JGSS_DBG_CTX] Client time Sat Feb 03 13:09:32 GMT 2007 too skewed
13:04:05:373 Error Guest ~on_Thread[impl:3]_1 System.err org.ietf.jgss.GSSException, major code: 10, minor code: 37
major string: Defective token
minor string: Client time 03 February 2007 at 13:09:32 too skewed
13:04:05:373 Error Guest ~on_Thread[impl:3]_1 System.err at com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java:5)
at com.ibm.security.jgss.mech.krb5.k.a(k.java:896)
at com.ibm.security.jgss.mech.krb5.k.a(k.java:6)
at com.ibm.security.jgss.mech.krb5.k.b(k.java:231)
at com.ibm.security.jgss.mech.krb5.k.acceptSecContext(k.java:1010)
at com.ibm.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:30)
at com.ibm.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:370)
at com.sap.security.core.server.jaas.SPNegoLoginModule.doHandshake(SPNegoLoginModule.java:614)
at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:322)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:150)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
at java.security.AccessController.doPrivileged(AccessController.java:242)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:172)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
at java.lang.reflect.Method.invoke(Method.java:391)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:699)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:151)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:634)
at java.security.AccessController.doPrivileged(AccessController.java:242)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:631)
at javax.security.auth.login.LoginContext.login(LoginContext.java:557)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:142)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:303)
at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)
at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
at java.security.AccessController.doPrivileged(AccessController.java:242)
at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.sap.portal.navigation.Gateway.service(Gateway.java:126)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:160)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:215)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
Any help is highly appreciated.
Many Thanks,
Chandra
02-05-2007 5:20 PM
Hi,
per this part of the exception:
minor string: Client time 03 February 2007 at 13:09:32 too skewed
there seems to be a problem with the time syncronizations between the domain controller, the client system and the SAP NetWeaver system. Check that all system clocks are syncronized and have the correct time zone settings.
Hope this helps,
Yonko
02-07-2007 10:46 AM
Many thanks for your help.
Time synchronization was the reason. Time gap between portal server and AD was more than 5 mins (For kerberos to work it should be less than 5 mins).
Its working fine now.
Points awarded.
Thanks,
Chandra