Login as DOMAINUsername posible in SPNego?

Hi,
I just implemented SPNego and is working but when a user is not loged into the domain the user has to login typing in the authentication window the username like [email protected] and not like DOMAINUsername, do you know if this is posible? I´ve been told of an SPNego implementation that is working as DOMAINUsername but don´t know how to do it or even if it is possible.
Thanx in Advanced!
Kind Regards,
Gerardo J

Hi,
I just made a Test and it is working the way we are expecting, with standard installation of the SPNego we are able to login as DOMAIN/Username, maybe we made the tests with wrong usernames or maybe but less probable is working now cause we pointed to the SPNego and Portal to the ADS in port 3268 which can see all domains.
Also can somebody help me out on rewarding points cause I don´t see the radio buttons to select the points, has something changed in the Forums?
Kind Regards,
Gerardo J

Similar Messages

  • SSO for Java not working

    Hi,
    We have configured the Secure login Server and enabled the SPNEGO. We are getting the certificates and able to fully get the features of X.509 and Kerberos functionallity in ABAP.
    However in the case of JAVA stack it is not taking the windows authentication and logging in instead prompting to enter the user name and password.
    Any help  on this is appreciated.
    Regards
    Mukunthan

    Hi,
    Following is the log trace. I am using AS JAVA 7.4. From security trouble shooting wizard, i pulled the trace.
    Trace as follows
    Can't map exception.
    [EXCEPTION]
    com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user.
    at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:131)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:280)
    at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:876)
    at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:453)
    at com.sapportals.portal.prt.service.hook.SecurityHookService.doNodeHook(SecurityHookService.java:151)
    at com.sapportals.portal.prt.connection.PortalHook.doNodeHook(PortalHook.java:383)
    at com.sap.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:136)
    at com.sap.portal.prt.pom.factory.ComponentNodeFactory.newInstance(ComponentNodeFactory.java:49)
    at com.sap.portal.prt.pom.PortalNode.createComponentNode(PortalNode.java:270)
    at com.sap.portal.prt.core.PortalRequestManager.runRequestCycle(PortalRequestManager.java:445)
    at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:202)
    at com.sap.portal.prt.dispatcher.DispatcherServlet.service(DispatcherServlet.java:132)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
    at com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
    at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:334)
    at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:490)
    at com.sap.portal.navigation.Gateway.service(Gateway.java:161)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
    at com.sap.portal.http.EnrichNavRequestFilter.doFilter(EnrichNavRequestFilter.java:49)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
    at com.sap.portal.prt.dispatcher.CustomHeaderFilter.doFilter(CustomHeaderFilter.java:58)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:432)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
    at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:278)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
    at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
    at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
    at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
    at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
    at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
    at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
    at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
    Caused by: javax.security.auth.login.LoginException: Trigger SPNEGO authentication.
    at com.sap.security.core.server.jaas.SPNegoLoginModule.initialStateException(SPNegoLoginModule.java:366)
    at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:173)
    at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
    at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:66)
    ... 64 more
    Regrds
    Mukunthan

  • SSO issue in Upgraded Netweaver 7.4

    Hi experts,
    We have completed the SAP Portal Upgrade from Netweaver 7.0 to 7.4 .
    In Netweaver 7.0 , we have configured SSO between windows active directory  to Portal with help of SAP note 1457499 & attached configuration guide. it worked fine before the upgrade process.
    but now in the Netweaver 7.4 which is not worked so  again we configured the SSO as per the below SCN Link step 4 for Configuring the SSO between Java & Windows active directory.After completing that configuration also  still  SSO is not working.
    please provide us your valuable suggestion to fix the SSO in Netweaver 7.4.
    SSO configuration in SCN : Single Sign-On with Kerberos  (Enable Single Sign-On on SAP AS JAVA)
    Regards
    Sebastian A

    Hi Sebastian,
    There is not a massive difference in the spnego from 7.0 to 7.4, the main difference that the 7.4 system can generate a keytab file itself as it comes with a 1.6 jdk. if you imported an old keytab file I suggest you run the wizard again and use the one it generates.
    Have you collected any traces, if not try the reproduce the issue (on a fresh browser session) while the troublshooting wizard is running, (example 1 from note 1332726). You should see the initial part of spnego (it will be a failed login with the error "Trigger spnego athentication" then if all seems ok on the AD/browser side and there are no decryption issues a kerberos token should be recieved then we should see another login were the spnegomodule deals with the token, you can upload the output of this trace for assistance.
    Best regards,
    Cathal

  • SPNEGO Login module Stack issue: Could not validate SPNEGO token

    Hello to all,
    We are deploying a SAP Netweavear 7.3 Enterprise Portal with SPNego login module activated.
    We are performing some tests (performances and concurrent accesses).
    During the tests we have found several times the folloiwing Issue linked to the spnego.
    Could not validate SPNEGO token.
    [EXCEPTION]
    java.lang.NumberFormatException: multiple points
    at sun.misc.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1082)
    at java.lang.Double.parseDouble(Double.java:510)
    at java.text.DigitList.getDouble(DigitList.java:151)
    at java.text.DecimalFormat.parse(DecimalFormat.java:1303)
    at java.text.SimpleDateFormat.subParse(SimpleDateFormat.java:1934)
    at java.text.SimpleDateFormat.parse(SimpleDateFormat.java:1312)
    at java.text.DateFormat.parse(DateFormat.java:335)
    at com.sap.security.core.server.jaas.spnego.util.Utils.generalizedTimeStringToData(Utils.java:167)
    at com.sap.security.core.server.jaas.spnego.krb5.KrbTicketEncryptedData.parseDecryptedData(KrbTicketEncryptedData.java:67)
    at com.sap.security.core.server.jaas.spnego.krb5.KrbEncryptedData.decrypt(KrbEncryptedData.java:94)
    at com.sap.security.core.server.jaas.spnego.krb5.KrbApReq.decrypt(KrbApReq.java:68)
    at com.sap.security.core.server.jaas.SPNegoLoginModule.parseAndValidateSPNEGOToken(SPNegoLoginModule.java:315)
    at com.sap.security.core.server.jaas.SPNegoLoginModule.processAuthorizationHeader(SPNegoLoginModule.java:474)
    at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:160)
    at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
    at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:65)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:254)
    at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:352)
    at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.loginWithRequestCredentials(AuthenticationService.java:337)
    at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:321)
    at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:60)
    at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:163)
    at com.sap.portal.prt.dispatcher.DispatcherServlet.service(DispatcherServlet.java:132)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)
    at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doCached(RequestDispatcherImpl.java:655)
    at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:488)
    at com.sap.portal.navigation.Gateway.service(Gateway.java:147)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
    at com.sap.portal.http.EnrichNavRequestFilter.doFilter(EnrichNavRequestFilter.java:49)
    at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:432)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
    at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:276)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
    at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
    at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
    at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
    at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
    at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
    at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
    at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
    at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
    at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
    at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
    The user rlinked to this user is Guest.
    could you please advice us how to solve this reccuring issue?
    Kind regards
    Julien LEFEVRE

    Hello Cathal,
    Thank you for your answer.
    In fact the new spnego wizard of the SAP Enterprise Portal 7.3 is used to get the the two keys files. The SAP Jvm is used in fact with the 1.6.1.
    And in fact , it functions perfectly sometimes. but during the test of massive access ( More than 30 conurent users), I have this error that comes frequently.
    Best regards
    Julien LEFEVRE

  • SPNEGO in portal with abap data source + mapping on login & alias id

    Hello
    I successfully set up the new spnego autentification (with AD)  on our EP7 portal.
    Spnego module is configured with Mapping mod u201Cprincipal onlyu201D with source  u201Clogin idu201D.
    SSO is working perfectly for all users with the same u2018sap loginu2019 as the AD login.  ( they can use portal to connect on all sap ECC6 server true iview without login& password )
    But for user with login name different between AD and SAP , this doesnu2019t work. They have to enter their sap login & password on the portal. So spnego is not working for them.
    Such user have different login name between AD et SAP because abap system limit user length to 12 caracters.   So I could not change abap username. 
    And I could not change their AD login name. ( too much impact).
    Exemple :
    p.nametoolong  = 13  character  on  AD but too long for abap
    p.name = 6 ok for abap but different from AD login name.
    So if I could not change login id I have to work on user mapping.
    The Portal UME use our abab CUA as datasource. So I could not set up user mapping inside the u201Cuser management u201C
    A solution could be that Spnego mapping use as source  the u201Calias idu201D and not the u201Clogin idu201D.
    So I have to set all the u201Calias idu201D. I can do a script for copying in su01 all u201Clogin idu201D to u201Calias idu201D and then edit the u201Calias idu201D of user with a different AD login. ( by the way do you know a tx for that ? )
    But this is a little dirtyu2026 is there a simple way to do that ?
    it would be perfect if i could do mapping on user id or on alias id if it set. So that i should only manage the alias id user with a AD name different... is that possible ?
    thank you  !
    cdlt
    GSV
    Edited by: Patrick FABRIES on Oct 4, 2011 12:08 PM
    Edited by: Patrick FABRIES on Oct 4, 2011 12:11 PM

    Hi Patrick,
    Even if you perform this operation, the situation will worsen overtime.
    By the way, if you still want to do it, this is pretty simple: call 'BAPI_USER_CHANGE' with the username and pass:
    ALIAS = <new alias>
    ALIASX = 'X'
    Isn't there another attribute that you could use as a pivot: e-mail, maybe?
    Best regards,
    Guillaume

  • SPNego - LOGIN.FAILED error

    Hello,
    Hello gurus,
    we have installed BI 7.0 SP15 with Portal as the java side of the BI (double stack). We have CI + 3 dia instances.
    We get the following error only on the CI server:
    LOGIN.FAILED
    User: N/A
    Authentication Stack: com.sun.security.jgss.accept
    Login Module                                                               Flag        Initialize  Login      Commit     Abort      Details
    1. com.sun.security.auth.module.Krb5LoginModule                            OPTIONAL    ok          exception             false      null
    2. com.sun.security.auth.module.Krb5LoginModule                            OPTIONAL    ok                                false     
    3. com.sun.security.auth.module.Krb5LoginModule                            OPTIONAL    ok                                false
    The problem is that the SPNego authentication is not working on that server, we get the logon screen. On the other servers the authentication is working perfectly.
    What I've checked:
    *The spn is set correctly.
    *The wizard was configured.
    Please advice,
    Dimitry Haritonov

    Are you use Windows x64? Per Note 716604 - Access to Sun J2SE and recommended J2SE options
    your 1.4.2_17 -->
    With 1.4.2_14 - 1.4.2_17 you get an exception using Kerberos authentication with WebAS Java
    Best for you open OSS call to SAP -->
    http://service.sap.com/message
    Regards.

  • SPNego - Login Screen Appears for IE Browser in Some machines.

    Hi,
    We've done the SPNEGO Implementation for Portal SSO.
    All the settings related to KDC in AD server, Portal WAS and IE browser client settings have been done.
    In most of the machines with WINDOWS XP SP2, portal login screen is not getting appeared in IE and so SPNEGO is working fine.
    But in few machines with WINDOWS XP SP2, portal login screen appears although the IE client setting like adding the portal url in Security Local Intranet, enabling integrated windows authothentication, enabling automatic logon in intranet zone  is done.
    We have even followed the SAP Note 934138 and installed Microsoft hotfix KB899587, but still some machines with Windows XP SP2 are facing this issue.
    Thanks,
    Regards,
    Aditya Metukul

    HI Aditya,
    This might be due to proxy settings. Go to your IE -> Tools-> Internet Options -> Connections ->LAN settings -> If you are using Proxy settings then go to Advanced tab -> and add the portal URL under "Do not use Proxy servers for address beninging with".
    Regards
    Deb
    Edited by: Debasish Sarkar on Dec 8, 2008 7:20 PM

  • SPNego login using additional attribute in LDAP

    Hello experts,
    We have a situation here to implement SPNego login for portal.
    We have integrated LDAP with portal and the j_user is mapped to an additional parameter (for ex, employee number) to enable the user to use this as a login-id instead of the default user-id.
    Say if the user is logged in with user-id : XYZ and for portal we are picking up the additional parameter (ex ,. ABC) from LDAP for login.
    But SPNego takes only the default user-id (XYZ) from windows. Can we cusomize SPNego to pick up additional attribute (ABC) to authenticate portal?
    Regards,
    Nirmal Sivakumar G
    Edited by: Nirmal G on Feb 3, 2009 12:47 PM

    Hi,
    pls. check steps provided in documentation:
    http://help.sap.com/saphelp_nwce711/helpdata/en/0b/d82c4142aef623e10000000a155106/frameset.htm
    Best regards,
    Johannes

  • SPNego Login fails while using MacOS 10.4 and Firefox

    Hello,
    we are running an EP6 NW04 SPS 19 on an HP UX. For authentification we
    configured kerberos via spnego. This is working fine for all windows
    clients and the browsers ie6, ie7 and firefox.
    While using Firefox on MacOS X it is not working. We analyzed the error.It is the following
    error message in the trace file:
    Decoding error in parsing of spnego token.
    [EXCEPTION]
    iaik.asn1.CodingException: ASN.1 creation error:SPNego OID expected.
    Found 1.2.840.113554.1.2.2
    As you can see, the mac client is sending the raw kerberos ticket. How
    does the WAS handles this ticket?
    Kind Regards,
    Oliver

    Oliver,
    The SAP SPNEGO login module supports OID 1.3.6.1.5.5.2 only, which is the OID for SPNEGO protocol, and this is why it is called an SPNEGO login module. It does not support other OIDS such as RFC1964 Kerberos V5 (1.2.840.113554.1.2.2) or NTLM (1.3.6.1.4.1.311.2.2.10). If you need to support other OIDS, and not just SPNEGO then you need to use a different login module. I can help you with that if you are interested since my company has a product (comprising a login module which uses Kerberos) which supports SPNEGO as well as other OIDS - it is not 100% SPNEGO based like the login module available from SAP.
    Thanks,
    Tim

  • SPNEGO Login Module - SSO configuration

    Hi All,
    Is there anyone have configure SPNEGO successfully ?
    Can you share how to do it ?
    Because even during registration of http/... to service user I have already facing problem which prompt me wrong command though the  keytab generation having no problem.
    Best Regards,
    Dedi

    Dedi,
    Please goto this location for the kerberos Configuration.
    http://help.sap.com/saphelp_nw04/helpdata/en/43/4bd58c6c5e5f34e10000000a1553f6/frameset.htm
    If you are using SP14 then you have to deploy the SPNEGO.sda for the login module. However it comes by default with SP15. SO i would suggest you to use SP15.
    If you find this helpful then do reward points.
    James

  • No Logout/ Re-Login after SPNEGO authentification

    Hi experts.
    I configured our portal (7/SP12) using SSO via SPENGO/KERBEROS.
    Everything works fine expact the fact, that the user cannot logout anymore. The logout popup appears, but after accepting the logout the user is again on the landing page in the portal.
    where is my wrong setting? did I make a mistake in the orde of the login modules?
    thanks for your infos in advance
    cheers
    jürgen

    Hi ,
    check by entering url  http://<yourhost:port>/irj/portal?logout_submit=1 in your portal page. If it logout , Portal logoff feature is okay .
    Did you change any settings previously related to this feature?
    Koti Reddy

  • SPNEGO vs NTLM issue

    Hi,
    I'm trying to configure SSO for my web application using IIS as webserver
    and the IIS-Weblogic proxy plugin provided by bea. I use Weblogic 8.1 SP4.
    I followed the procedure described in the dev2dev documentation and now I am
    stuck with a ntlm vs spnego issue.
    Here is what I get from a full security debug in my Weblogic log:
    <2005-06-09 13 h 50 EDT> <Debug> <SecurityDebug> <000000>
    <PrincipalAuthenticator.assertIdentity - Token Type: Authorization>
    <2005-06-09 13 h 50 EDT> <Debug> <SecurityDebug> <000000> <Found NTLM token
    when expecting SPNEGO>
    <2005-06-09 13 h 50 EDT> <Debug> <SecurityDebug> <000000>
    <PrincipalAuthenticator.assertIdentity - IdentityAssertionException>
    My iis plugin log shows that everything seems to be ok, the client first
    receives a 401 response and then sends a [WWW-Authenticate] Negociate
    header, including a Kerberos token in base 64. The only problem is that it
    seems that this token is ntlm instead of spnego:
    Thu Jun 09 13:50:07 2005 WLS info in sendRequest: myweblogicserver.com
    recycled? 0
    Thu Jun 09 13:50:07 2005 Hdrs from WLS:[WWW-Authenticate]=[Negotiate]
    Thu Jun 09 13:50:07 2005 Hdrs to client:[WWW-Authenticate]=[Negotiate]
    Thu Jun 09 13:50:07 2005 Going to send headers to the client. Status :401
    Unauthorized xxx
    Thu Jun 09 13:50:07 2005 Hdrs from client:[Authorization]=[Negotiate
    TlRMTVNTUAABAAAAB7IIogYABgAxAAAACQAJACgAAAAFASgKAAAAD1NTUU5UMTY1NlNTUVZJRQ==]
    Thu Jun 09 13:50:07 2005 Hdrs to WLS:[Authorization]=[Negotiate
    TlRMTVNTUAABAAAAB7IIogYABgAxAAAACQAJACgAAAAFASgKAAAAD1NTUU5UMTY1NlNTUVZJRQ==]
    Thu Jun 09 13:50:07 2005 Hdrs from WLS:[WWW-Authenticate]=[Negotiate]
    Thu Jun 09 13:50:07 2005 Hdrs to client:[WWW-Authenticate]=[Negotiate]
    Thu Jun 09 13:50:07 2005 Going to send headers to the client. Status :401
    Unauthorized xxx
    as a result of all this, I get a basic authentication prompt when I try to
    access my web application.
    any help would be greatly appreciated.
    Thanks!

    Hi,
    Thanks for your information. I finally managed to solve my ntlm/spnego
    issue. In fact, it seems that I had no problem other than trying to test it
    from the same computer on which my WLS is installed. When I invoke my web
    application from another computer on the network, I dont get this
    ntlm/spnego issue.
    But now I have another problem. First, when I try to access my web
    application, WLS prompts me (in the server window) for the password of the
    SPN account for my server. I though it was supposed to use the keytab file
    for it, but anyway, this is maybe a part of my problem.
    If I type the correct password, it continues, but I get this chained
    exception:
    >
    GSSException: No valid credentials provided (Mechanism level: Attempt to
    obtain new ACCEPT credentials failed!)
    Caused by: javax.security.auth.login.LoginException: Pre-authentication
    information was invalid (24)
    Caused by: KrbException: Pre-authentication information was invalid (24)
    Caused by: KrbException: Identifier doesn't match expected value (906)The root cause seems to be "Identifier doesnt match expected value".. I
    really dont know what it means. I am still trying to solve this so any help
    would be appreciated and I will also post any other information I get on the
    subject.
    Thanks
    <regis piccand> a ?crit dans le message de news:
    [email protected]..
    Hi,
    I am currently trying to achieve the same configuration, and I noticed
    that this happens when, in the setup of the Single Passe Negotiate
    Identity Asserter, you choose the SPNEGO.AtnAssertion type (which seems to
    be here only for compatibility reason - see
    http://e-docs.bea.com/wles/docs42/adminguide/providers.html#1150785).
    Removing this type helped in my case. However, I am now stuck with a GSS
    exception No Valid Credentials provided (see my post at
    http://forums.bea.com/bea/thread.jspa?threadID=600004578&tstart=0)
    Hope this helps,
    Kind regards,
    Regis

  • Logoff not working after SPNego Authentication

    Hi Experts,
    Configured SPNego authentication sucessfully.
    But after clicking logoff button again logged in back again.
    As per some advice, done as follows
    Example: Portal SSO URL: http://portal.example.com
    Create a URL like http://nonssoportal.example.com (Create the name in the DNS and point it to the IP of your portal server)
    Changed the logoff paramter to point to the new URL. After restart once logoff clicks went to new URL but still SSO ticket authenticating.
    I need to get the login page again so that i can login with administrator or other test user IDs.
    Please post your suggestions.
    Regards,
    Raja. G

    Hi,
    Created the alias for that server and made the logoff URL as http://<alias of the server>:<port>/irj/portal.
    Now am able to achieve the login page however it is asking for the windows authentication while logging off.
    If we click cancel then we can able to achieve the login page.
    Any idea to avoid the popup for asking windows credentials?
    Regards,
    Raja. G

  • Could not validate SPNEGO token.java.lang.Exception: Checksum error.

    Hello consultant:
    We are trying configurated SSO usind SPNEGO  module
    We have a portal 7.0 ehp1 and Active Directory Microsoft versión 2003 native
    we have followed the steps described in note Sap 1457499"Note 1457499 - SPNego add-on"
    When we have logged with user Active Directory and we try access to portal we obtain following error:
    Authorization check user error
    We have Deploy the Web diagtool from SAP Note 1045019 on the J2EE server, run it and perform the
    following steps:
    1. Select "Component" = "security" and "Activity" = "all"
    2. Click the "Go" button, followed by the "Add All" button
    3. Select "Component" = "All" and in the "Search pattern" field write "com.sap.security.spnego"
    4. Click the "Go" button, followed by the "Add All" button
    5. Start the tool
    Then we have reproduce the problem and stop the tool. The generated zip file will contain following error:
    15:45:20:078 Error J2EE_GST_PRD SAPEngine_Application_Thread[impl:3]_15 ~p.security.spnego.krb5.crypto.DesCrypto Checksum error! checksum: 0xc46bfed8d0dbc54221ee75405c8cd5ac; calculated checksum: 0x6ead7e801608b729a6957597327f2ba5
    15:45:20:078 Error J2EE_GST_PRD SAPEngine_Application_Thread[impl:3]_15 ~m.sap.security.spnego.SPNEGOLoginModule Could not validate SPNEGO token.
    java.lang.Exception: Checksum error.
    at com.sap.security.spnego.krb5.crypto.DesCrypto.decrypt(DesCrypto.java:43)
    at com.sap.security.spnego.krb5.KrbEncryptedData.decrypt(KrbEncryptedData.java:81)
    at com.sap.security.spnego.krb5.KrbApReq.decrypt(KrbApReq.java:67)
    at com.sap.security.spnego.SPNEGOLoginModule.parseAndValidateSPNEGOToken(SPNEGOLoginModule.java:234)
    at com.sap.security.spnego.SPNEGOLoginModule.processAuthorizationHeader(SPNEGOLoginModule.java:385)
    at com.sap.security.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:102)
    at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:185)
    at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:70)
    at java.security.AccessController.doPrivileged(AccessController.java:246)
    at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:181)
    at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
    at java.lang.reflect.Method.invoke(Method.java:391)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:699)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:151)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:634)
    at java.security.AccessController.doPrivileged(AccessController.java:246)
    at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:631)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:557)
    at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:912)
    at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:367)
    at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:126)
    at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:181)
    at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:541)
    at java.security.AccessController.doPrivileged(AccessController.java:246)
    at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:430)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
    at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
    at com.sap.portal.navigation.Gateway.service(Gateway.java:126)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
    at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
    at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
    at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
    at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
    at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
    at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
    at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
    at java.security.AccessController.doPrivileged(AccessController.java:219)
    at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
    at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Could you help us?
    Many thanks for your collaboration

    << Do not post the same question across a number of forums >>

  • Help-kerberos works with spnego keytab file but not in netbeans and Metro

    Hi,
    Appreciate if someone can shed some light on this problem and guide on what else am I missing.
    I'm trying to call .NET based WCF webservice (MS Dynamics CRM - OrganizationSvc) from a java client. Started looking at Metro framework for interoperability. I was able to generate all the proxy classes and was able to write the code to invoke web service. However the challenge was using Kerberos based authentication and related setup.
    I primarily followed the link below which was very helpful but had to dig more to get more specific details.
    http://blogs.sun.com/enterprisetechtips/entry/building_kerberos_based_secure_services
    Tried to follow netbeans route and hit some roadblocks in verifying the setup (krb5.conf & login.conf & wsit-client.xml). So, came across SPNEGO and used their examples, made changes accordingly and after experimenting with various configuration settings(krb5.conf and login.conf), finallyI was able to run HelloKDC & HelloKeytab files successfully.
    krb5.conf_
    [libdefaults]
    default_realm = NA.CONVERGYS.COM
    [realms]
    NA.CONVERGYS.COM = {
    kdc = CDCWW13.na.convergys.com
    admin_server = CDCWW13.na.convergys.com
    [domain_realm]
    .na.convergys.com = NA.CONVERGYS.COM
    login.conf_
    spnego-server {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="C:/WINDOWS/orldwv705_feb03.keytab"
    doNotPrompt=false
    storeKey=true
    principal="HOST/ORLDWV705.na.convergys.com"
    debug=true;
    C:\spnego-r7>klist -k C:\WINDOWS\orldwv705_feb03.keytab
    Key tab: C:\WINDOWS\orldwv705_feb03.keytab, 1 entry found.
    [1] Service principal: HOST/[email protected]
    KVNO: 7
    With these settings, I was able to successfully make the call & Hello Keytab was able to get the Ticket and authenticate.
    http://spnego.sourceforge.net/index.html
    http://spnego.sourceforge.net/client_keytab.html
    http://spnego.sourceforge.net/troubleshoot_hellokeytab.html
    However, when I run the example in Netbeans with the setup mentioned in the link below, I run into following exception...
    http://metro.java.net/guide/Developing_with_NetBeans.html#wsit_example_with_nb-creating_wsit_client
    http://metro.java.net/guide/_Configuring_Kerberos_for_Glassfish_and_Tomcat.html
    1) noticed that sc:KerberosConfig element in wsit-client.xml does not get updated automatically in netbeans ide, so manually edited to put the entries.
    2) also followed the setup required in glassfish domain.xml & login.conf xml.
    3) also noticed that netbeans setup requires us to use C:\Windows\krb5.ini file which is nothing but krb5.conf file referred elsewhere.)
    wsit-client.xml_
    <wsp:Policy wsu:Id="ClientKerberosPolicy"
    xmlns:sc="http://schemas.sun.com/2006/03/wss/client"
    xmlns:wspp="http://java.sun.com/xml/ns/wsit/policy"
    xmlns:scc="http://schemas.sun.com/ws/2006/05/sc/client"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsp:ExactlyOne>
    <wsp:All>
    <sc:KerberosConfig wspp:visibility="private"
    loginModule="KerberosClient"
    servicePrincipal="HOST/ORLDWV705.na.convergys.com"
    credentialDelegation="true" />
    </wsp:All>
    </wsp:ExactlyOne>
    </wsp:Policy>
    ERROR
    INFO: WSP5018: Loaded WSIT configuration from file: file:/C:/Documents%20and%20Settings/rchoppal/My%20Documents/NetBeansProjects/TestOrgSvc/build/web/WEB-INF/classes/META-INF/wsit-client.xml.
    WARNING: [failed to localize] WSP_0075_PROBLEMATIC_ASSERTION_STATE({http://schemas.microsoft.com/xrm/2011/Contracts/Services}AuthenticationPolicy, UNKNOWN)
    WARNING: [failed to localize] WSP_0019_SUBOPTIMAL_ALTERNATIVE_SELECTED(PARTIALLY_SUPPORTED)
    INFO: >>>KinitOptions cache name is C:\Documents and Settings\rchoppal\krb5cc_rchoppal
    INFO: >>> KrbCreds found the default ticket granting ticket in credential cache.
    SEVERE: WSITPVD0050: Error while Securing Request Message.
    com.sun.xml.wss.XWSSecurityException: Unexpected Exception in Kerberos login - unable to continue
    at com.sun.xml.ws.security.impl.kerberos.KerberosLogin.login(KerberosLogin.java:94)
    at com.sun.xml.wss.impl.misc.WSITProviderSecurityEnvironment.doKerberosLogin(WSITProviderSecurityEnvironment.java:3049)
    at com.sun.xml.wss.provider.wsit.WSITClientAuthContext.populateKerberosContext(WSITClientAuthContext.java:911)
    at com.sun.xml.wss.provider.wsit.WSITClientAuthContext.secureRequest(WSITClientAuthContext.java:318)
    at com.sun.xml.wss.provider.wsit.WSITClientAuthContext.secureRequest(WSITClientAuthContext.java:291)
    at com.sun.enterprise.security.webservices.ClientSecurityPipe.process(ClientSecurityPipe.java:158)
    Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException
    at sun.security.krb5.Credentials.acquireDefaultCreds(Credentials.java:451) (i tried to search open source code, but this line did'nt match exactly)
    at sun.security.krb5.Credentials.acquireTGTFromCache(Credentials.java:272)
    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:589)
    at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at com.sun.xml.ws.security.impl.kerberos.KerberosLogin.login(KerberosLogin.java:85)
    SEVERE: SEC2004: Container-auth: wss: Error securing request
    javax.xml.ws.WebServiceException: WSITPVD0050: Error while Securing Request Message.
    at com.sun.xml.wss.provider.wsit.WSITClientAuthContext.secureRequest(WSITClientAuthContext.java:299)
    at com.sun.enterprise.security.webservices.ClientSecurityPipe.process(ClientSecurityPipe.java:158)
    Caused by: javax.xml.ws.soap.SOAPFaultException: Unexpected Exception in Kerberos login - unable to continue
    at com.sun.xml.wss.provider.wsit.WSITAuthContextBase.getSOAPFaultException(WSITAuthContextBase.java:1617)
    at com.sun.xml.wss.provider.wsit.WSITAuthContextBase.getSOAPFaultException(WSITAuthContextBase.java:1633)
    ... 42 more
    WARNING: StandardWrapperValve[TestOrgSvcServlet]: PWC1406: Servlet.service() for servlet TestOrgSvcServlet threw exception
    javax.xml.ws.WebServiceException: Cannot secure request for {http://schemas.microsoft.com/xrm/2011/Contracts}CustomBinding_IOrganizationService
    at com.sun.enterprise.security.webservices.ClientSecurityPipe.process(ClientSecurityPipe.java:165)
    Caused by: javax.xml.ws.WebServiceException: WSITPVD0050: Error while Securing Request Message.
    at com.sun.xml.wss.provider.wsit.WSITClientAuthContext.secureRequest(WSITClientAuthContext.java:299)
    at com.sun.enterprise.security.webservices.ClientSecurityPipe.process(ClientSecurityPipe.java:158)
    ... 40 more
    Caused by: javax.xml.ws.soap.SOAPFaultException: Unexpected Exception in Kerberos login - unable to continue
    at com.sun.xml.wss.provider.wsit.WSITAuthContextBase.getSOAPFaultException(WSITAuthContextBase.java:1617)
    at com.sun.xml.wss.provider.wsit.WSITAuthContextBase.getSOAPFaultException(WSITAuthContextBase.java:1633)
    ... 42 more
    Edited by: user6748004 on Feb 3, 2011 5:36 PM
    Edited by: user6748004 on Feb 3, 2011 5:38 PM

    Hi Gasha,
    The only change I did after this, was to try and use 'KerberosServer' configuration from the wsit-client.xml. Atleast, this enabled the glassfish application to load the configuration related to keytab etc, and use it to communicate with the WCF service for negotiation.
    <sc:KerberosConfig wspp:visibility="private"
    loginModule="KerberosServer"
    servicePrincipal="HOST/ORLDWV705.na.convergys.com"
    credentialDelegation="true" />
    login.conf has
    KerberosServer {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="C:/WINDOWS/orldwv705_feb03.keytab"
    doNotPrompt=false
    storeKey=true
    principal="HOST/ORLDWV705.na.convergys.com"
    debug=true;
    fyi.. Used the following way to create the keytab
    Keytab was created using below instructions
    ktpass -princ HOST/[email protected]
    -mapUser [email protected]
    -mapOp set
    -pass *
    -crypto DES-CBC-MD5
    -pType KRB5_NT_PRINCIPAL
    -out orldwv705.keytab
    Targeting domain controller: CDCWW13.na.convergys.com
    Successfully mapped HOST/ORLDWV705.na.convergys.com to svcMSCRMDev.
    Key created.
    Output keytab to orldwv705.keytab:
    Keytab version: 0x502
    keysize 75 HOST/[email protected] ptype 1 (KRB5_NT_PRINCIPAL) vno 8 etype 0x3 (DES-CBC-MD5) keylength 8 (0x0bc27ca83891dc2a)
    Also realised that we need to add 'HTTP/ORLDWV705.na.convergys.com' & 'http/ORLDWV705.na.convergys.com' using set SPN commands on the AD of the server where CRM is installed.
    With these changes, the negotiate authentication seems to have happened using the Kerberos token from the keytab, but later ran into an error for which I was not able to get any clue to go forward. Someone in another post about this error suggested that it worked once they changed principal names, but when I tried I did'nt get any success.
    This is where I'm struck now. What I don't know is if there is another setup from which we can try a similar interoperability example for ex.. weblogic 10.1 & eclipse which is more close to our real environment.
    SEVERE: SEC2004: Container-auth: wss: Error securing request
    java.lang.IllegalArgumentException: Missing argument
    at javax.crypto.spec.SecretKeySpec.<init>(DashoA13*..)
    at com.sun.xml.ws.security.impl.kerberos.KerberosContext.getSecretKey(KerberosContext.java:91)
    at com.sun.xml.wss.impl.filter.SignatureFilter.process(SignatureFilter.java:525)
    Edited by: user6748004 on Apr 8, 2011 10:39 AM

Maybe you are looking for

  • How can i sort a list of pages in CQ?

    Hello I have a structure like this in CQ: /content/mywebsite/page3 /content/mywebsite/page1 /content/mywebsite/page5 /content/mywebsite/page2 /content/mywebsite/page4 when i open mywebsite i see a menu with the list of pages in it like this: page3 pa

  • How can I get rid of signature warnings in forms?

    I was using LiveCycle to create and store about 100 forms for my company. Recently I started redoing all the forms in Acrobat Pro v9 so I could use the same field names in merged documents, something I couldn't do with LiveCycle. Adobe Reader users a

  • Where can I find the error log of adobe premiere CC

    Adobe premiere CC is doing very weird things this last month. When I open adobe I get a really weird setup. When I move everything back in order it's ok again. I save the new order under the same name (overlapping) but when I start adobe again, every

  • Artist Name Sorting

    Is there a way to sort my iTunes library (both on the Mac and iPhone) by the artist's last name? For example, Dylan instead of Bob, Lennon instead of John, etc.?

  • Changes in Assembly order

    Hi Gurus, We are using assembly order process. As you know whenever I create a sales order, production order is also created at the same time. But now our problem is whenever I make changes in the sales order, it is taking to production order screen