SPNego fails: Error creating GSS context - java.la...

Former Member · ‎10-25-2007

Hi,

I have successfully configured SPNego logon to the first portal in our landscape, however, on the next portal I've got to the SPNego logon is failing.

When using the diagtool to analyse the problem tests 1-5 and 7 are passing successfully, however, test 6 is failing.

I am configuring against the following software components:

SAP J2EE - 7.00 SP13

Sun JDK version: 1.4.2_14

diagtool version 1.7.2

MS Active Directory is configured as the EP UME with resolution mode simple.

I believe the problem is in some way related to the authentication of the j2ee-<sid> user, however, I cannot narrow it down further. The password for this user has not changed since I generated the keytab file.

Any help greatly appreciated.

The following error is written to the diagtool trace file:

Error creating GSS context.

[EXCEPTION]

GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)

at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)

at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)

at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)

at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)

at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)

at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)

at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.createGSSContext(Krb5ServerTest.java:104)

at com.sap.engine.config.diagtool.tests.authentication.krb.Krb5ServerTest.execute(Krb5ServerTest.java:75)

at com.sap.engine.config.diagtool.Task.execute(Task.java:55)

at com.sap.engine.config.diagtool.Launcher.run(Launcher.java:343)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:324)

at com.sap.engine.config.diagtool.Launcher.main(Launcher.java:394)

Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException

at java.lang.StringBuffer.append(StringBuffer.java:467)

at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:576)

at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:475)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:324)

at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)

at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)

at javax.security.auth.login.LoginContext.login(LoginContext.java:534)

at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)

at java.security.AccessController.doPrivileged(Native Method)

at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)