cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

WinAD SSO is not working after configuring keytab file

former_member371433
Explorer

on ‎10-27-2015 8:32 AM

0 Kudos

Hello All,

We have successfully implemented WIn AD SSO on SAP BO 41 SP5 but after configuring keytab file; WinAD SSO is not working successfully.

We have followed following procedure:

     1. Generated keytab file and placed it in c:\windows of BO Server

     2. Stopped tomcat

     3. Added following line in global.properties

               idm.keytab=C:/WINDOWS/bosso.keytab

     4. Removed wedgetail line from java options in tomcat configuration.

     5. Restarted tomcat

After this only we are not able to find 'credentials obtained' in stderr file in tomcat logs.

We have special characters like %,@,^ etc. in our service account's password.

When we tested with kinit command it says pre authentication failed and gives the attached error message.

We could also see that, some blogs says remove the special characters from service account password but same has not any valid SAP note, so our infra team is reluctant to do so.

Thanks

Kushal

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎10-27-2015 9:27 AM
0 Kudos

Hi Kushal,

If you have used the below command -

ktpass -out bosso.keytab -princ service-account-name@REALM.COM –pass service-account-password -kvno 255 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

then you should be using the kinit command as -

kinit -k -t new2.keytab serviceaccount

Make sure the command to generate keytab is not copy pasted and type it manually.

Hope you are not using mapuser parameter.

You can generate the keytab file on your BO server which is in domain.

To add to Raunak's suggestion, make sure that the idm.princ in global.properties matches with -princ

in ktpass command (without the "@REALM.COM" in -princ).

Regards,

Swapnali

Show replies
Show replies
Former Member
‎07-27-2016 9:20 AM
0 Kudos

If you have special characters in the password, just wrap the password in double quotes when running ktpass.

ktpass -out bosso.keytab -princ dev.sa@DOMAIN.COM -pass "Iam!Special!252@" -kvno 255 -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

This resolved it for me.

former_member205064
Active Contributor
‎10-27-2015 8:39 AM
0 Kudos

I assume if you revert the changes and put password in Java Option. SSO works fine!

in that case there is some issue with the Ktpass command u running.

Share the command

Complex passwod can also be one of the issue, not sure, if possible try keeping littile simple passwod and then generate a Keytab.

Show replies
Show replies
Ask a Question