10-03-2007 12:24 AM
Good Afternoon.
I configured Single Sign-On using Kerberos authentication in the WAS Java 6.40 SP19, with Active Directory 2003.
But when I enter the url of the WAS Java, I have the following error:
"User authentication failed".
Also the archive log "security.0.log" registered the following:
#1.5#001676D2FE8D00500000000F0000122000043B89E5F2EA56#1191363212091#/System/Security/Authentication##com.sap.engine.services.security.authentication.logincontext#Guest#2####b60e70b0713411dc8ec7001676d2fe8d#SAPEngine_Application_Thread[impl:3]_22##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGOUT.OK
User: Administrator
Authentication Stack: SAP-J2EE-Engine
Login Module Flag Initialize Logout Details
com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule SUFFICIENT ok true #
#1.5#001676D2FE8D00530000001D0000122000043B89FE8EDFE1#1191363774196#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####0518db40713611dc8148001676d2fe8d#SAPEngine_Application_Thread[impl:3]_34##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Access Denied.#
#1.5#001676D2FE8D0061000000060000122000043B89FE8F0BB3#1191363774211#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####051b2530713611dcadeb001676d2fe8d#SAPEngine_Application_Thread[impl:3]_36##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Access Denied.#
#1.5#001676D2FE8D0054000000150000122000043B89FE8F53E2#1191363774227#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####051d9630713611dccaeb001676d2fe8d#SAPEngine_Application_Thread[impl:3]_6##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Login with SPNego protocol failed.#
#1.5#001676D2FE8D0054000000160000122000043B89FE8F5609#1191363774227#/System/Security/Audit#sap.com/com.sap.security.core.admin#com.sap.security.core.util.SecurityAudit#Guest#2####051d9630713611dccaeb001676d2fe8d#SAPEngine_Application_Thread[impl:3]_6##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest | LOGIN.ERROR | NONE = null | | Login Method=[default], UserID=[null], IP Address=[172.16.6.75], Reason=[Access Denied.]#
#1.5#001676D2FE8D00540000001A0000122000043B89FE8F7114#1191363774227#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####051d9630713611dccaeb001676d2fe8d#SAPEngine_Application_Thread[impl:3]_6##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Login with SPNego protocol failed.#
#1.5#001676D2FE8D00490000001D0000122000043B8A004C4097#1191363803380#/System/Security/Authentication##com.sap.engine.services.security.authentication.logincontext#lgomez#37####167dfb40713611dc9e7a001676d2fe8d#SAPEngine_Application_Thread[impl:3]_20##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.OK
User: lgomez
Authentication Stack: sap.com/tcmonitoringsysteminfo*sap_monitoring
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false false
com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok true true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok true true
Central Checks true #
#1.5#001676D2FE8D005D000000150000122000043B8A0084BF55#1191363807083#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#lgomez#38####18b303b0713611dc9c36001676d2fe8d#SAPEngine_Application_Thread[impl:3]_24##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.OK
User: lgomez
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok true true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok false
Central Checks true #
#1.5#001676D2FE8D00440000000D0000122000043B8A015C3A97#1191363821206#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####211e0360713611dc9cd9001676d2fe8d#SAPEngine_Application_Thread[impl:3]_17##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Access Denied.#
#1.5#001676D2FE8D0043000000060000122000043B8A015C5298#1191363821206#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####211e0361713611dc996d001676d2fe8d#SAPEngine_Application_Thread[impl:3]_27##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Access Denied.#
#1.5#001676D2FE8D005C000000160000122000043B8A015C80A7#1191363821222#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####21207460713611dcbddb001676d2fe8d#SAPEngine_Application_Thread[impl:3]_19##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Login with SPNego protocol failed.#
#1.5#001676D2FE8D005C000000170000122000043B8A015C8297#1191363821222#/System/Security/Audit#sap.com/com.sap.security.core.admin#com.sap.security.core.util.SecurityAudit#Guest#2####21207460713611dcbddb001676d2fe8d#SAPEngine_Application_Thread[impl:3]_19##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest | LOGIN.ERROR | NONE = null | | Login Method=[default], UserID=[null], IP Address=[172.16.6.75], Reason=[Access Denied.]#
#1.5#001676D2FE8D005C0000001B0000122000043B8A015C9E08#1191363821222#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####21207460713611dcbddb001676d2fe8d#SAPEngine_Application_Thread[impl:3]_19##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Login with SPNego protocol failed.#
#1.5#001676D2FE8D00420000000F0000122000043B8A06F4B2F2#1191363915071#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####5910acf0713611dca3b4001676d2fe8d#SAPEngine_Application_Thread[impl:3]_23##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Access Denied.#
#1.5#001676D2FE8D005F000000170000122000043B8A080B2485#1191363933319#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####63f11970713611dc8b8d001676d2fe8d#SAPEngine_Application_Thread[impl:3]_12##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Access Denied.#
#1.5#001676D2FE8D0061000000070000122000043B8A080B3FA3#1191363933335#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####63f38a70713611dc8403001676d2fe8d#SAPEngine_Application_Thread[impl:3]_36##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Access Denied.#
#1.5#001676D2FE8D00540000001E0000122000043B8A080B78DB#1191363933350#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####63f5d460713611dc9306001676d2fe8d#SAPEngine_Application_Thread[impl:3]_6##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Login with SPNego protocol failed.#
#1.5#001676D2FE8D00540000001F0000122000043B8A080B7B4A#1191363933350#/System/Security/Audit#sap.com/com.sap.security.core.admin#com.sap.security.core.util.SecurityAudit#Guest#2####63f5d460713611dc9306001676d2fe8d#SAPEngine_Application_Thread[impl:3]_6##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest | LOGIN.ERROR | NONE = null | | Login Method=[default], UserID=[null], IP Address=[172.16.6.75], Reason=[Access Denied.]#
#1.5#001676D2FE8D0054000000230000122000043B8A080B9669#1191363933350#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####63f5d460713611dc9306001676d2fe8d#SAPEngine_Application_Thread[impl:3]_6##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Login with SPNego protocol failed.#
#1.5#001676D2FE8D005B0000000C0000122000043B8AA71B3653#1191366601941#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####9a908050713c11dc95bd001676d2fe8d#SAPEngine_Application_Thread[impl:3]_37##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Access Denied.#
#1.5#001676D2FE8D003E0000001A0000122000043B8AA71B4F93#1191366601941#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####9a908051713c11dcb3a1001676d2fe8d#SAPEngine_Application_Thread[impl:3]_1##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Access Denied.#
#1.5#001676D2FE8D0042000000100000122000043B8AB3F70C1E#1191366817683#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####1b281e30713d11dc821c001676d2fe8d#SAPEngine_Application_Thread[impl:3]_23##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Access Denied.#
#1.5#001676D2FE8D0043000000070000122000043B8AB3F720DA#1191366817683#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####1b281e31713d11dc8a83001676d2fe8d#SAPEngine_Application_Thread[impl:3]_27##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Access Denied.#
#1.5#001676D2FE8D0044000000100000122000043B8AB3F74CD3#1191366817699#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####1b2a8f30713d11dcaa0b001676d2fe8d#SAPEngine_Application_Thread[impl:3]_17##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Login with SPNego protocol failed.#
#1.5#001676D2FE8D0044000000110000122000043B8AB3F74F66#1191366817699#/System/Security/Audit#sap.com/com.sap.security.core.admin#com.sap.security.core.util.SecurityAudit#Guest#2####1b2a8f30713d11dcaa0b001676d2fe8d#SAPEngine_Application_Thread[impl:3]_17##0#0#Warning#1#com.sap.security.core.util.SecurityAudit#Plain###Guest | LOGIN.ERROR | NONE = null | | Login Method=[default], UserID=[null], IP Address=[172.16.6.75], Reason=[Access Denied.]#
#1.5#001676D2FE8D0044000000150000122000043B8AB3F76D0D#1191366817699#/System/Security/Authentication#sap.com/com.sap.security.core.admin#com.sap.engine.services.security.authentication.logincontext#Guest#2####1b2a8f30713d11dcaa0b001676d2fe8d#SAPEngine_Application_Thread[impl:3]_17##0#0#Info#1#com.sap.engine.services.security.authentication.logincontext#Plain###LOGIN.FAILED
User: N/A
Authentication Stack: ticket
Login Module Flag Initialize Login Commit Abort Details
com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL ok false true
com.sap.security.core.server.jaas.SPNegoLoginModule REQUISITE ok exception true Login with SPNego protocol failed.#
How can I solve the problem?
Best regards.
10-04-2007 3:52 PM
Hi,
Apply SAP Note 1045019 (Example 3) and provide the collected traces (or at least the errors in red).
Regards,
Dimitar
10-09-2007 3:37 PM
Good Morning.
I applied the note 1045019 (Example 3) and I have the following errors:
16:26:59:913 Error Guest ~n_Thread[impl:3]_21 ~rity.core.server.jaas.SPNegoLoginModule Decoding error in parsing of spnego token.
[EXCEPTION]
iaik.asn1.CodingException: Error reading ASN.1 datastructure: null
at iaik.asn1.DerCoder.decode(Unknown Source)
at com.sap.security.core.server.jaas.SPNegoLoginModule.doHandshake(SPNegoLoginModule.java:574)
at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:322)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:154)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:175)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:255)
at com.sap.security.core.logonadmin.ServletAccessToLogic.logon(ServletAccessToLogic.java:205)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.doLogon(SAPMLogonLogic.java:975)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.executeRequest(SAPMLogonLogic.java:240)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doPost(SAPMLogonServlet.java:59)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doGet(SAPMLogonServlet.java:77)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:160)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
16:26:59:913 Error Guest ~n_Thread[impl:3]_21 ~rity.core.server.jaas.SPNegoLoginModule Error during handshake (has already been reported). Authentication failed.
16:26:59:913 Error Guest ~n_Thread[impl:3]_21 ~n.SAPMLogonLogic][md=doLogon][cl=20636] doLogon failed
[EXCEPTION]
com.sap.security.core.logon.imp.UMELoginException
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:350)
at com.sap.security.core.logonadmin.ServletAccessToLogic.logon(ServletAccessToLogic.java:205)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.doLogon(SAPMLogonLogic.java:975)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.executeRequest(SAPMLogonLogic.java:240)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doPost(SAPMLogonServlet.java:59)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doGet(SAPMLogonServlet.java:77)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:160)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
16:26:59:929 Error Guest ~n_Thread[impl:3]_21 ~.util.ResourceBean][md=print][cl=16222] Message ID (UNKNOWN_ERROR) not found in properties files-UNKNOWN_ERROR
[EXCEPTION]
java.util.MissingResourceException: Can't find resource for bundle java.util.PropertyResourceBundle, key UNKNOWN_ERROR
at java.util.ResourceBundle.getObject(ResourceBundle.java:325)
at java.util.ResourceBundle.getObject(ResourceBundle.java:322)
at java.util.ResourceBundle.getString(ResourceBundle.java:285)
at com.sap.security.core.util.ResourceBean.getString(ResourceBean.java:115)
at com.sap.security.core.util.ResourceBean.print(ResourceBean.java:129)
at jsp_umLogonPage1190662525830._jspService(jsp_umLogonPage1190662525830.java:113)
at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:544)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:186)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.sap.security.core.logonadmin.ServletAccessToLogic.gotoPage(ServletAccessToLogic.java:140)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.doLogon(SAPMLogonLogic.java:994)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.executeRequest(SAPMLogonLogic.java:240)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doPost(SAPMLogonServlet.java:59)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doGet(SAPMLogonServlet.java:77)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:160)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
16:26:59:945 Error Guest ~n_Thread[impl:3]_21 ~rity.core.server.jaas.SPNegoLoginModule Decoding error in parsing of spnego token.
[EXCEPTION]
iaik.asn1.CodingException: Error reading ASN.1 datastructure: null
at iaik.asn1.DerCoder.decode(Unknown Source)
at com.sap.security.core.server.jaas.SPNegoLoginModule.doHandshake(SPNegoLoginModule.java:574)
at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:322)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:154)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:175)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:97)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.executeRequest(SAPMLogonLogic.java:279)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doPost(SAPMLogonServlet.java:59)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doGet(SAPMLogonServlet.java:77)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:160)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
16:26:59:945 Error Guest ~n_Thread[impl:3]_21 ~rity.core.server.jaas.SPNegoLoginModule Error during handshake (has already been reported). Authentication failed.
16:26:59:945 Fatal Guest ~n_Thread[impl:3]_21 ~ogonLogic][md=executeRequest][cl=20636] Fatal Logon error
[EXCEPTION]
com.sap.engine.services.servlets_jsp.server.exceptions.InvalidSessionException: Method [getAttribute()] is called in an invalid session.
at com.sap.engine.services.servlets_jsp.server.runtime.client.ApplicationSession.getAttribute(ApplicationSession.java:574)
at com.sap.security.core.logonadmin.ServletAccessToLogic.getSessionAttribute(ServletAccessToLogic.java:61)
at com.sap.security.core.logonadmin.ServletAccessToLogic.gotoPage(ServletAccessToLogic.java:85)
at com.sap.security.core.sapmimp.logon.SAPMLogonLogic.executeRequest(SAPMLogonLogic.java:292)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doPost(SAPMLogonServlet.java:59)
at com.sap.security.core.sapmimp.logon.SAPMLogonServlet.doGet(SAPMLogonServlet.java:77)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:387)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:365)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:944)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:266)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:160)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
How can I solve the errors?
Best regards.
10-09-2007 4:31 PM
Hi,
The error indicates that an NTLM token is sent by the browser instead of a SPNEGO one. The reasons could be the following:
- the browser is running locally on the J2EE host
- HTTP proxy is enabled in the browser
- you are not logged into the correct Windows domain
- you are accessing the J2EE server with a different host name than the one added as SPN in the ADS (setspn command)
- OS issue
Please check the above list. For further troubleshooting I'll need the attributes of the service user in ADS (e.g. ldifde -r samaccountname=<j2ee-service-user> -f out.ldf) and Wireshark traces - see SAP Note 958107 on how to collect the network traffic. After that filter by "udp.port==88" or "tcp.port==88" and search for any Kerberos protocol errors. Post the above information in order to analyze it.
Regards,
Dimitar
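The distinction drawn in the reply above, as an added example that is not part of the original thread or of SAP's code: a raw NTLM message starts with the ASCII signature `NTLMSSP\0` and is not ASN.1 DER at all, while a SPNEGO token is a DER structure that lists its mechanisms in order of preference. The classifier below inspects an `Authorization: Negotiate` header value; the function names and the sample tokens are constructed for illustration.

```python
import base64

# DER-encoded OID bodies (well-known values).
SPNEGO_DER = bytes.fromhex("2b0601050502")            # 1.3.6.1.5.5.2
KRB5_DER = bytes.fromhex("2a864886f712010202")        # 1.2.840.113554.1.2.2
MS_KRB5_DER = bytes.fromhex("2a864882f712010202")     # 1.2.840.48018.1.2.2
NTLMSSP_DER = bytes.fromhex("2b06010401823702020a")   # 1.3.6.1.4.1.311.2.2.10
MECH_NAMES = {KRB5_DER: "Kerberos V5",
              MS_KRB5_DER: "Kerberos V5 (MS legacy OID)",
              NTLMSSP_DER: "NTLMSSP"}


def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short-form length
        length = first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of token")
    return tag, pos, pos + length


def expect(buf, pos, tag, what):
    """Read the element at pos, insist on its tag, return its value bounds."""
    got, start, end = read_tlv(buf, pos)
    if got != tag:
        raise ValueError(f"expected {what} (tag 0x{tag:02x}), got 0x{got:02x}")
    return start, end


def spnego_mech_types(token):
    """Return the OID bodies in NegTokenInit.mechTypes, most preferred first."""
    start, _ = expect(token, 0, 0x60, "GSS-API initial context token")
    o_start, o_end = expect(token, start, 0x06, "mechanism OID")
    if token[o_start:o_end] != SPNEGO_DER:
        raise ValueError("GSS-API mechanism is not SPNEGO")
    start, _ = expect(token, o_end, 0xA0, "NegTokenInit")
    start, _ = expect(token, start, 0x30, "NegTokenInit SEQUENCE")
    start, _ = expect(token, start, 0xA0, "mechTypes")
    pos, end = expect(token, start, 0x30, "MechTypeList")
    mechs = []
    while pos < end:
        v_start, v_end = expect(token, pos, 0x06, "mechanism OID")
        mechs.append(token[v_start:v_end])
        pos = v_end
    return mechs


def classify_negotiate(header_value):
    """Classify an HTTP Authorization header value: (kind, [mechanism names])."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return ("not-negotiate", [])
    try:
        token = base64.b64decode(b64.strip(), validate=True)
        if token.startswith(b"NTLMSSP\x00"):
            return ("raw-ntlm", ["NTLMSSP"])
        mechs = spnego_mech_types(token)
    except ValueError:   # bad base64 (binascii.Error) or not a SPNEGO NegTokenInit
        return ("not-spnego", [])
    names = [MECH_NAMES.get(m, "OID " + m.hex()) for m in mechs]
    first = mechs[0] if mechs else None    # the mechToken belongs to the first mech
    if first in (KRB5_DER, MS_KRB5_DER):
        return ("spnego-kerberos", names)
    if first == NTLMSSP_DER:
        return ("spnego-ntlm", names)
    return ("spnego-other", names)


def tlv(tag, body):
    """Encode one DER element; short-form lengths suffice for the samples."""
    if len(body) >= 0x80:
        raise ValueError("sample builder only supports bodies under 128 bytes")
    return bytes([tag, len(body)]) + body


def sample_headers():
    """Constructed header values for the demo (not captured traffic)."""
    def spnego(mech_oids):
        mech_list = tlv(0x30, b"".join(tlv(0x06, o) for o in mech_oids))
        mech_token = tlv(0xA2, tlv(0x04, bytes(8)))    # placeholder mechToken
        init = tlv(0xA0, tlv(0x30, tlv(0xA0, mech_list) + mech_token))
        return tlv(0x60, tlv(0x06, SPNEGO_DER) + init)
    tokens = {
        "raw_ntlm": b"NTLMSSP\x00" + (1).to_bytes(4, "little") + bytes(4),
        "spnego_kerberos": spnego([MS_KRB5_DER, KRB5_DER, NTLMSSP_DER]),
        "spnego_ntlm": spnego([NTLMSSP_DER]),
        "truncated": b"\x60\x40\x06",
    }
    return {name: "Negotiate " + base64.b64encode(tok).decode("ascii")
            for name, tok in tokens.items()}


if __name__ == "__main__":
    for name, header in sample_headers().items():
        print(f"{name:16} -> {classify_negotiate(header)}")
```

Feed it the `Authorization` header value from an HTTP trace of the failing request; `raw-ntlm` or `spnego-ntlm` means the browser did not use a Kerberos service ticket for that host name, which points back at the checklist in the reply.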
10-16-2007 5:10 PM
10-17-2007 8:00 AM
Hi there,
I guess lots of readers would appreciate posting the solution as well.
Kind regards,
Richard