10-25-2007 2:24 PM
Hi,
I have successfully configured SPNego logon to the first portal in our landscape, however, on the next portal I've got to the SPNego logon is failing.
When using the diagtool to analyse the problem tests 1-5 and 7 are passing successfully, however, test 6 is failing.
I am configuring against the following software components:
SAP J2EE - 7.00 SP13
Sun JDK version: 1.4.2_14
diagtool version 1.7.2
MS Active Directory is configured as the EP UME with resolution mode simple.
I believe the problem is in some way related to the authentication of the j2ee-<sid> user, however, I cannot narrow it down further. The password for this user has not changed since I generated the keytab file.
Any help greatly appreciated.
The following error is written to the diagtool trace file:
Error creating GSS context.
[EXCEPTION]
GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.createGSSContext(Krb5ServerTest.java:104)
at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.execute(Krb5ServerTest.java:75)
at com.sap.engine.config.diagtool.Task.execute(Task.java:55)
at com.sap.engine.config.diagtool.Launcher.run(Launcher.java:343)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sap.engine.config.diagtool.Launcher.main(Launcher.java:394)
Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException
at java.lang.StringBuffer.append(StringBuffer.java:467)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:576)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:475)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.createGSSContext(Krb5ServerTest.java:104)
at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.execute(Krb5ServerTest.java:75)
at com.sap.engine.config.diagtool.Task.execute(Task.java:55)
at com.sap.engine.config.diagtool.Launcher.run(Launcher.java:343)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at com.sap.engine.config.diagtool.Launcher.main(Launcher.java:394)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:730)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)
... 15 more
Acquire credential failed for realm EUR.EMIGRP.COM
02-13-2008 5:35 PM
This was caused bya bug in Sun JDK version: 1.4.2_14. We downgraded to 1.4.2_13 and the problem was resolved.
OSS note 716604 explains the problem.
02-13-2008 5:39 PM
Hello CJH,
Thank you for following up.
I will set the thread status to "assumed answered".
Cheers,
Julius