SPNEGO -Could not validate SPNEGO token.
Hi All,
we have configured SPENGO wizard. we have followed the steps provided in the SAP note #1457499 and deployed the files in the SPNego_AddOn_700.zip and followed all the steps in the pdf.
We are getting below error --
Could not validate SPNEGO token.
[EXCEPTION]
java.lang.Exception: Invalid ticket endtime: 20110117223730Z
at com.sap.security.spnego.krb5.KrbApReq.throwValidationException(KrbApReq.java:112)
at com.sap.security.spnego.krb5.KrbApReq.validate(KrbApReq.java:100)
at com.sap.security.spnego.SPNEGOLoginModule.parseAndValidateSPNEGOToken(SPNEGOLoginModule.java:240)
at com.sap.security.spnego.SPNEGOLoginModule.processAuthorizationHeader(SPNEGOLoginModule.java:385)
at com.sap.security.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:102)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:185)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:70)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:181)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Please suggest what could be the issue.
Regards
Amit
Hi
web diagtool also shows the same error :--
Could not validate SPNEGO token.
[EXCEPTION]
java.lang.Exception: Invalid ticket endtime: 20110118140218Z
at com.sap.security.spnego.krb5.KrbApReq.throwValidationException(KrbApReq.java:112)
at com.sap.security.spnego.krb5.KrbApReq.validate(KrbApReq.java:100)
at com.sap.security.spnego.SPNEGOLoginModule.parseAndValidateSPNEGOToken(SPNEGOLoginModule.java:240)
at com.sap.security.spnego.SPNEGOLoginModule.processAuthorizationHeader(SPNEGOLoginModule.java:385)
at com.sap.security.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:102)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:185)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:70)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:181)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:85)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:58)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
at java.lang.reflect.Method.invoke(Method.java:391)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:699)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:151)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:634)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:631)
at javax.security.auth.login.LoginContext.login(LoginContext.java:557)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:149)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:303)
at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)
at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:523)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:412)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.sap.portal.navigation.Gateway.service(Gateway.java:126)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Regards
Amit
Similar Messages
-
Hello consultant:
We are trying configurated SSO usind SPNEGO module
We have a portal 7.0 ehp1 and Active Directory Microsoft versión 2003 native
we have followed the steps described in note Sap 1457499"Note 1457499 - SPNego add-on"
When we have logged with user Active Directory and we try access to portal we obtain following error:
Authorization check user error
We have Deploy the Web diagtool from SAP Note 1045019 on the J2EE server, run it and perform the
following steps:
1. Select "Component" = "security" and "Activity" = "all"
2. Click the "Go" button, followed by the "Add All" button
3. Select "Component" = "All" and in the "Search pattern" field write "com.sap.security.spnego"
4. Click the "Go" button, followed by the "Add All" button
5. Start the tool
Then we have reproduce the problem and stop the tool. The generated zip file will contain following error:
15:45:20:078 Error J2EE_GST_PRD SAPEngine_Application_Thread[impl:3]_15 ~p.security.spnego.krb5.crypto.DesCrypto Checksum error! checksum: 0xc46bfed8d0dbc54221ee75405c8cd5ac; calculated checksum: 0x6ead7e801608b729a6957597327f2ba5
15:45:20:078 Error J2EE_GST_PRD SAPEngine_Application_Thread[impl:3]_15 ~m.sap.security.spnego.SPNEGOLoginModule Could not validate SPNEGO token.
java.lang.Exception: Checksum error.
at com.sap.security.spnego.krb5.crypto.DesCrypto.decrypt(DesCrypto.java:43)
at com.sap.security.spnego.krb5.KrbEncryptedData.decrypt(KrbEncryptedData.java:81)
at com.sap.security.spnego.krb5.KrbApReq.decrypt(KrbApReq.java:67)
at com.sap.security.spnego.SPNEGOLoginModule.parseAndValidateSPNEGOToken(SPNEGOLoginModule.java:234)
at com.sap.security.spnego.SPNEGOLoginModule.processAuthorizationHeader(SPNEGOLoginModule.java:385)
at com.sap.security.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:102)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:185)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:70)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:181)
at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
at java.lang.reflect.Method.invoke(Method.java:391)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:699)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:151)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:634)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:631)
at javax.security.auth.login.LoginContext.login(LoginContext.java:557)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:912)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:367)
at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:126)
at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:181)
at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:541)
at java.security.AccessController.doPrivileged(AccessController.java:246)
at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:430)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.sap.portal.navigation.Gateway.service(Gateway.java:126)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Could you help us?
Many thanks for your collaboration<< Do not post the same question across a number of forums >>
-
SPNEGO Login module Stack issue: Could not validate SPNEGO token
Hello to all,
We are deploying a SAP Netweavear 7.3 Enterprise Portal with SPNego login module activated.
We are performing some tests (performances and concurrent accesses).
During the tests we have found several times the folloiwing Issue linked to the spnego.
Could not validate SPNEGO token.
[EXCEPTION]
java.lang.NumberFormatException: multiple points
at sun.misc.FloatingDecimal.readJavaFormatString(FloatingDecimal.java:1082)
at java.lang.Double.parseDouble(Double.java:510)
at java.text.DigitList.getDouble(DigitList.java:151)
at java.text.DecimalFormat.parse(DecimalFormat.java:1303)
at java.text.SimpleDateFormat.subParse(SimpleDateFormat.java:1934)
at java.text.SimpleDateFormat.parse(SimpleDateFormat.java:1312)
at java.text.DateFormat.parse(DateFormat.java:335)
at com.sap.security.core.server.jaas.spnego.util.Utils.generalizedTimeStringToData(Utils.java:167)
at com.sap.security.core.server.jaas.spnego.krb5.KrbTicketEncryptedData.parseDecryptedData(KrbTicketEncryptedData.java:67)
at com.sap.security.core.server.jaas.spnego.krb5.KrbEncryptedData.decrypt(KrbEncryptedData.java:94)
at com.sap.security.core.server.jaas.spnego.krb5.KrbApReq.decrypt(KrbApReq.java:68)
at com.sap.security.core.server.jaas.SPNegoLoginModule.parseAndValidateSPNEGOToken(SPNegoLoginModule.java:315)
at com.sap.security.core.server.jaas.SPNegoLoginModule.processAuthorizationHeader(SPNegoLoginModule.java:474)
at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:160)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:65)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:254)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:352)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.loginWithRequestCredentials(AuthenticationService.java:337)
at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:321)
at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:60)
at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:163)
at com.sap.portal.prt.dispatcher.DispatcherServlet.service(DispatcherServlet.java:132)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at com.sap.engine.services.servlets_jsp.server.Invokable.invoke(Invokable.java:152)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doCached(RequestDispatcherImpl.java:655)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:488)
at com.sap.portal.navigation.Gateway.service(Gateway.java:147)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:202)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:103)
at com.sap.portal.http.EnrichNavRequestFilter.doFilter(EnrichNavRequestFilter.java:49)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:79)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:432)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:210)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:441)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:430)
at com.sap.engine.services.servlets_jsp.filters.DSRWebContainerFilter.process(DSRWebContainerFilter.java:38)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ServletSelector.process(ServletSelector.java:81)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.servlets_jsp.filters.ApplicationSelector.process(ApplicationSelector.java:276)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.WebContainerInvoker.process(WebContainerInvoker.java:81)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.ResponseLogWriter.process(ResponseLogWriter.java:60)
at com.sap.engine.services.httpserver.chain.HostFilter.process(HostFilter.java:9)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DefineHostFilter.process(DefineHostFilter.java:27)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MonitoringFilter.process(MonitoringFilter.java:29)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.SessionSizeFilter.process(SessionSizeFilter.java:26)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.MemoryStatisticFilter.process(MemoryStatisticFilter.java:57)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.filters.DSRHttpFilter.process(DSRHttpFilter.java:43)
at com.sap.engine.services.httpserver.chain.ServerFilter.process(ServerFilter.java:12)
at com.sap.engine.services.httpserver.chain.AbstractChain.process(AbstractChain.java:78)
at com.sap.engine.services.httpserver.server.Processor.chainedRequest(Processor.java:475)
at com.sap.engine.services.httpserver.server.Processor$FCAProcessorThread.process(Processor.java:269)
at com.sap.engine.services.httpserver.server.rcm.RequestProcessorThread.run(RequestProcessorThread.java:56)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:122)
at com.sap.engine.core.thread.execution.Executable.run(Executable.java:101)
at com.sap.engine.core.thread.execution.CentralExecutor$SingleThread.run(CentralExecutor.java:328)
The user rlinked to this user is Guest.
could you please advice us how to solve this reccuring issue?
Kind regards
Julien LEFEVREHello Cathal,
Thank you for your answer.
In fact the new spnego wizard of the SAP Enterprise Portal 7.3 is used to get the the two keys files. The SAP Jvm is used in fact with the 1.6.1.
And in fact , it functions perfectly sometimes. but during the test of massive access ( More than 30 conurent users), I have this error that comes frequently.
Best regards
Julien LEFEVRE -
Supplied credentials not accepted by the server and Could not validate SPNEGO token
Hi,
We have installed and configured SSO 2.0 SP02 on HP-UX system. We have exported the client policy files, root certificate from SLS and imported the same in the client PC. Then we have installed the SLC in client PC with logging enabled option. Now when we try to manually login using SLC we are getting the below error.
In SLC - "Supplied credentials not accepted by the server"
In Diatool - "Could not validate SPNEGO token"
Attached the trace file from SLC and logs from diatool. Anyone suggest how to rectify this error.
The trace file from SLC
[2014.03.28 12:08:50.434][TRACE][sbus.exe ][sbus.dll ][ 4856] CToken:: Secure Login token [toksw:mem://securelogin/Windows Authentication (SPNEGO) :: login
[2014.03.28 12:08:50.452][TRACE][sbus.exe ][sbusresloade][ 4856] { GetLocale
[2014.03.28 12:08:50.453][TRACE][sbus.exe ][sbusresloade][ 4856] } 0
[2014.03.28 12:08:50.453][TRACE][sbus.exe ][sbusslogin.d][ 4856] { CSecureLogin_Protocol_2_0::Send_Init
[2014.03.28 12:08:50.453][TRACE][sbus.exe ][sbusslogin.d][ 4856] { CSecureLogin::Send_Any
[2014.03.28 12:08:50.515][ERROR][sbus.exe ][BASE ][ 2800] ERROR(0xA0100017) in CRYPT->sec_crypt_cipher_get_cipher_len(): An attribute is missing
[2014.03.28 12:08:50.563][TRACE][sbus.exe ][sbusslogin.d][ 4856] } 0
[2014.03.28 12:08:50.563][TRACE][sbus.exe ][sbusslogin.d][ 4856] } 0
[2014.03.28 12:08:50.566][TRACE][sbus.exe ][sbusresloade][ 4856] { CResourceManager::New
[2014.03.28 12:08:50.566][TRACE][sbus.exe ][sbusresloade][ 4856] { GetLocale
[2014.03.28 12:08:50.566][TRACE][sbus.exe ][sbusresloade][ 4856] } 0
[2014.03.28 12:08:50.566][TRACE][sbus.exe ][sbusresloade][ 4856] { CResourceManager::Init
[2014.03.28 12:08:50.568][TRACE][sbus.exe ][sbusresloade][ 4856] } 0
[2014.03.28 12:08:50.568][TRACE][sbus.exe ][sbusresloade][ 4856] } 0
[2014.03.28 12:09:00.979][ERROR][sbus.exe ][sbus.dll ][ 4856] LogonUser failed with error 0x0000052e
[2014.03.28 12:09:12.628][TRACE][sbus.exe ][Kerberos ][ 4856] Got kerberos ticket for 'HTTP/ssodev' with server key type 23 and session key type 23
[2014.03.28 12:09:12.628][TRACE][sbus.exe ][BASE/RANDOM ][ 4856] Get 8 bytes random data
[2014.03.28 12:09:12.628][TRACE][sbus.exe ][sbusslogin.d][ 4856] { CSecureLogin_Protocol_2_0::Send_Auth_SPNEGO
[2014.03.28 12:09:12.628][TRACE][sbus.exe ][sbusslogin.d][ 4856] { CSecureLogin::Send_Any
[2014.03.28 12:09:12.727][TRACE][sbus.exe ][sbusslogin.d][ 4856] } 0
[2014.03.28 12:09:12.727][TRACE][sbus.exe ][sbusslogin.d][ 4856] { CSecureLogin_Protocol_2_0::Handle_Auth_Response
[2014.03.28 12:09:12.727][TRACE][sbus.exe ][sbusslogin.d][ 4856] } 0
[2014.03.28 12:09:12.727][TRACE][sbus.exe ][sbusslogin.d][ 4856] } 80070005
Regards,
Yogesh Kumar DHello Yogesh,
With regards to the 2nd error "Could not validate SPNEGO Token"
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.SPNegoLoginModule SUFFICIENT ok exception true Could not validate SPNEGO token. Reason: No user with account attributes [[namespace=com.sap.security.core.authentication, name=principal, value=sap.helpdesk1, isCaseSensitive=false], [namespace=com.sap.security.core.authentication, name=realm, value=HZL01.VEDANTARESOURCE.LOCAL, isCaseSensitive=false]] found
No logon policy was applied
It means that the user "sap.helpdesk1" was decrypted from the kerberos
token but there is no user with this name in the AS Java. The reason for that is a misconfiguration in the SPNEGO user mapping.
Therefore, please open the SPNEGO wizard in the NWA and configure
how AS Java should choose a user from the UME based on the received
SPNEGO token. Here is some documentation about configuring the user
mapping:
http://help.sap.com/saphelp_nw73/helpdata/en/f4/1978c3a37a441b87a89d61c1a08689/frameset.htm
Regards,
David -
Exception: "Could not validate SAML Token"
We have an evaluation system setup that we are using to generate PDF from PS. We're connecting via the EJB client, and typically have had no problems. Until today. At some point today we began seeing exceptions being thrown on the client:
Caused by: com.adobe.idp.um.api.UMException | [com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16421 errorCodeHEX:0x4025 message:Could not validate SAML Token --- Assertion has expired and hence not valid for user [administrator@DefaultDom]. Its valid till time [Tue Feb 04 10:58:45 MST 2014] was found to be before the current time [Tue Feb 04 16:04:41 MST 2014]
Simply bouncing the app server where the client code is running solved the problem, however we'd like to better understand what is going on and why. Nothing that I can find in the docs seems to indicate the cause/solution, and possible solutions have links that appear to no longer function: http://cookbooks.adobe.com/post_Renewing_the_context_to_handle_session_expiry-16410.html
Any suggestions and/or insight would be greatly appreciated. Thanks!PROBLEM
Using the same instance of ServiceClientFactory to remotely invoke the services exposed by the LiveCycle container can lead to
exception related to assertion expiry
Solution
To handle the timeout use the ThrowHandler mechanism provided by the ServiceClientFactory framework
Detailed explanation
LiveCycle provides a client sdk for java based client to invoke its services remotely.
An invocation involves Creation of a ServiceClientFactory instance Setting the user credential in thefactory instance Pass that factory to a service client or use that to create InvocationRequest directly
Use the client to make the actual request.
For more details refer to Invoking
LiveCycle ES Using the Java API .
A ServiceClientFactory instance once created is valid for a ceratin
period of time which is by default 120 min. if the same instance is used to invoke beyond this period then it would lead to an exception stating that
the session has expired [com.adobe.idp.um.api.impl.AuthenticationManagerImpl]
errorCode:16421 errorCodeHEX:0x4025 message:Could not validate SAML
Token --- Assertion has expired and hence not valid for user
[administrator@DefaultDom]. Its valid till time [Thu Oct 22
17:07:53 IST
2009] was found to be before the current time [Thu Oct
22 17:58:18 IST 2009]
This is not an issue if the ServiceClientFactory instance is used for short duration. However if you are going to perform a long
running task like converting large number of documents to pdf ,applying policies to them etc then it would be an issue.
Session Expiry
Before fxing the issue some info on what is session expiry.
When you use a ServiceClientFactory instance to invoke the service following fow happens
You set the credentials in the properties and invoke theservice
LiveCycle on server side validates the credentials and issues a Context. It is sort of a ticket which can be reused later instead of the actual credentials.
Upon receiving the response from the server the ServiceClientFactory instance deletes its own copy of credentials and instead stores the Context For later invocations this Context instance is passed instead of the user credentials
This whole fow is done to ensure that user's credentials are not sent for each remote call thus improving the security.
For more information on Context refer to
User Identity in LiveCycle .
Solution
To fx this issue you would have to re authenticate to LiveCycle and get the Context reissued. the best way to do that is to make use of the ThrowHandler provided by the ServiceClientFactory framework
STEP1 - Create a Throwhandler
* This ThrowHandler caches the user credentials and uses them
to refresh the Context in the
* ServiceClientFactory upon expiry.
private static class SimpleTimeoutThrowHandler implements
ThrowHandler {
private String username;
private String password;
public SimpleTimeoutThrowHandler(String username, String
password) {
this.username = username;
this.password = password;
public boolean handleThrowable(Throwable t, ServiceClient
sc,
ServiceClientFactory scf, MessageDispatcher md,
InvocationRequest ir, int numTries) throws
DSCException {
if(timeoutError(t)){
//The call to AuthenticationManager do not require
authentication so the default properties
//are suffcient
AuthenticationManager am =
new
AuthenticationManagerServiceClient(ServiceClientFactory.createInstance (getDefaultProperties()));
AuthResult ar = null;
try {
ar =
am.authenticate(username,password.getBytes());
} catch (UMException e) {
throw new IllegalStateException(e);
Context ctx = new Context();
ctx.initPrincipal(ar);
//Refresh the ServiceClientFactory instance with
the new context
scf.setContext(ctx);
logger.info("Refreshed the context associated with
ServiceCLientFactory");
//Now tell SCF to try the invocation again
return true;
//Check so that we do not wrap the exception again
if(t instanceof DSCException)
throw (DSCException)t;
if(t instanceof RuntimeException)
throw (RuntimeException)t;
// how is it possible to get this far?
throw new IllegalStateException(t);
private boolean timeoutError(Throwable t) {
if(!(t.getCause() instanceof UMException)){
return false;
UMException ue = (UMException) t.getCause();
//Check that UMException is due to the
assertion/context expiry
if(UMConstants.ErrorCodes.E_TOKEN_INVALID ==
ue.getErrCode()){
return true;
return false;
This ThrowHandler would be invoked by the ServiceClientFactory upon receiving any exception. The handler would then determine if its a timeout related exception and then would refresh the Context associated with the factory instance and tells it to retry the invocation.
STEP - 2 Register the handler
ServiceClientFactory.installThrowHandler(new
SimpleTimeoutThrowHandler(username, password));
Note: The handler should be registered only once in the application
STEP 3 - Perform your invocation
Following sample would try to apply policies on all the fles present in a directory
Properties p = getDefaultProperties();
p.setProperty(DSC_CREDENTIAL_USERNAME, username);
p.setProperty(DSC_CREDENTIAL_PASSWORD, password);
ServiceClientFactory scf =
ServiceClientFactory.createInstance(p);
//Now do some long running operation
String inputDirName ="path-to-input-dir";
String outDirName = "path-to-out-dir";
String policyName = "the-policy-name";
File inDir = new File(inputDirName);
File outDir = new File(outDirName);
RightsManagementClient rmClient = new
RightsManagementClient(scf);
DocumentManager docManager = rmClient.getDocumentManager();
//Iterate over all the pdf in the inDir and apply the
policies. If this takes a
for(File pdfFile : inDir.listFiles()){
Document inDoc = new Document(pdfFile, false);
Document securedDoc = docManager.applyPolicy(inDoc,
pdfFile.getName(), null, policyName, null, null);
securedDoc.copyToFile(new
File(outDir,pdfFile.getName()));
Now the invocation would complete even if it takes a long time. if any session expiry occurs then our ThrowHandler would take care of that.
here's a sample:
TimeOutSample.zip -
Erroe while invoking a process (could not validate SAML)
Hi,
I am getting the following error while invoking a process from
Weblogic Portal Server.The invocation happens properly always but
after frequent intervals(approx 1-1.5 hrs) this error comes.Then if
the Portal Server(the client which is invoking the process) is
restarted again it works properly.
This is very urgent to resolve.Any pointers to this will be very
helpful.
Thannks in advance,
Leena Jain
Stack Trace of the error:
ALC-DSC-215-000: com.adobe.idp.dsc.DSCAuthenticationException: None of
the Auth Provider could authenticate the user. Authentication Failed
at
com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.authenticate
(AbstractMessageReceiver.java:157)
at
com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.invoke
(AbstractMessageReceiver.java:312)
at
com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapSdkEndpoint.invokeCall
(SoapSdkEndpoint.java:138)
at
com.adobe.idp.dsc.provider.impl.soap.axis.sdk.SoapSdkEndpoint.invoke
(SoapSdkEndpoint.java:81)
at sun.reflect.GeneratedMethodAccessor377.invoke(Unknown
Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke
(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.axis.providers.java.RPCProvider.invokeMethod
(RPCProvider.java:397)
at org.apache.axis.providers.java.RPCProvider.processMessage
(RPCProvider.java:186)
at org.apache.axis.providers.java.JavaProvider.invoke
(JavaProvider.java:323)
at org.apache.axis.strategies.InvocationStrategy.visit
(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:
118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.handlers.soap.SOAPService.invoke
(SOAPService.java:454)
at org.apache.axis.server.AxisServer.invoke(AxisServer.java:
281)
at org.apache.axis.transport.http.AxisServlet.doPost
(AxisServlet.java:699)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:
727)
at org.apache.axis.transport.http.AxisServletBase.service
(AxisServletBase.java:327)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:
820)
at weblogic.servlet.internal.StubSecurityHelper
$ServletServiceAction.run(StubSecurityHelper.java:226)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet
(StubSecurityHelper.java:124)
at weblogic.servlet.internal.ServletStubImpl.execute
(ServletStubImpl.java:283)
at weblogic.servlet.internal.TailFilter.doFilter
(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter
(FilterChainImpl.java:42)
at
com.adobe.idp.dsc.provider.impl.soap.axis.InvocationFilter.doFilter
(InvocationFilter.java:43)
at weblogic.servlet.internal.FilterChainImpl.doFilter
(FilterChainImpl.java:42)
at weblogic.servlet.internal.WebAppServletContext
$ServletInvocationAction.run(WebAppServletContext.java:3393)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs
(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown
Source)
at
weblogic.servlet.internal.WebAppServletContext.securedExecute
(WebAppServletContext.java:2140)
at weblogic.servlet.internal.WebAppServletContext.execute
(WebAppServletContext.java:2046)
at weblogic.servlet.internal.ServletRequestImpl.run
(ServletRequestImpl.java:1366)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
Caused by: | [com.adobe.idp.um.api.impl.AuthenticationManagerImpl]
errorCode:16421 errorCodeHEX:0x4025 message:Could not validate SAML
Token --- Assertion is not valid. Current time is greater than
NOTonOrAfter time specified in the Assertion| [IDPLoggedException]
errorCode:12804 errorCodeHEX:0x3204 message:Could not validate SAML
Token --- Assertion is not valid. Current time is greater than
NOTonOrAfter time specified in the Assertion
at com.adobe.idp.um.api.impl.ManagerImpl.handleException
(ManagerImpl.java:246)
at com.adobe.idp.um.api.impl.ManagerImpl.handleException
(ManagerImpl.java:192)
at
com.adobe.idp.um.api.impl.AuthenticationManagerImpl.validateAssertionCheck
(AuthenticationManagerImpl.java:587)
at
com.adobe.idp.um.api.impl.AuthenticationManagerImpl.validateAssertion
(AuthenticationManagerImpl.java:552)
at
com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.authenticate
(AbstractMessageReceiver.java:132)
... 33 moreThis happens due to expiry of the SAML assertion that the client has. Have a look at the Renew Assertion Recipe at the cookbook site
-
WS-Security: "Could not validate the signature..."
Hello,
We get the following fault when calling a web service demanding signature:
<soapenv:Fault xmlns:wsse="....">
<faultcode>wsse:InvalidSecurity</faultcode>
<faultstring>Could not validate encryption against any of the supported token types</faultstring>
</soapenv:Fault>
Client signs the request using X509V1 certificate, but in the SOAP request, type of BinarySecurityToken claims "X509V3":
<wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3 ...>
Is this possible the reason that the message can't get validated?
We should have use V3 certificate, but seem JDK's keytool can't generate V3 self-signed certificate and we don't want to bother request a V3 certificate from any CA.
Seem openSSL can do that. I will try but I can't install any thhing on the company PC. Hard to believe? :-)X509V1 is not a valid value for "Valuetype". So I guess this should not be the problem.
-
Disk image Restore returns "Could not validate source - error 254"
I had backed up an older G4 with a disk image of the boot disk. I was having severe problems so I reformatted the boot drive and started a restore (using disk utility from startup disk). The restore started fine and ran a while but then "stalled." The "progress" bar stopped and the system just kept "hitting" the Utility DVD install disk non-stop (as shown by disk access light).
Now when I try again, I immediately get a "Restore Failure - Could not validate source - error 254"
The disk image being restored is on a hard drive. I copied it to another drive and tried again with the same result.
This is being done on an old G4 Tower, dual 1 GHz PPC under 10.5.8
Comments?
(This won't kill me as all my data files are also on my MBP, I just don't want to have to reinstall all my apps, setups, etc.)Yes, for my "real" machine (my Intel MBP) I have images, clones, and Time Machine Backups not to mention my data files written to DVD. I've got at least triplicate backup. This was a old machine I was setting up for a specific purpose. I'm not losing any data but I just didn't want to have to reload apps and such. But guess I have no alternative. Thanks for the tip. I had never used the "scan for restore option" before so I learned something. Usually I just trust my multiple backup method so if one source is bad, no big deal. Thanks baltwo!
-
"Could not validate Essentials package" - How to solve?
Hi there,
I tried doing an upgrade install of Leopard and got the notorious "could not validate package" error. I'd checked the install DVD, and the same disc worked on other machines.
The problem was that the installation process was incomplete and left my system in an inconsistent state, so I couldn't reboot. Trying an erase-and-install gave me the same error.
Now I'm wondering whether I can copy a Leopard image from another machine using Carbon Copy Cloner and then apply the image to my MacBook. I haven't done this before, so would appreciate some tips on the exact process.
The other machine is a MacBook (although a newer model). Thanks a lot.
BenI've been having this problem. Apple's support documents instruct to remove all third party RAM that may be installed in your machine.
http://docs.info.apple.com/article.html?artnum=106693
(head to the bottom of the page!)
I'm going to be trying that later this evening. I've heard of RAM conflicts before so this is most likely going to be cause!
Unfortunately I have no idea if it's OK to put the RAM back in once the install is complete!
Hope this helps
Cheers
Mat
At least you're up and running in the mean time! -
The installer could not validate the contents of the 'BaseSystem' package
Hello all,
Sorry for my first post being a problem, but I am not the worlds greatest Mac person and I have been asked to support our Macs here at work.
I have had a hard drive go in a MacBook, and I have fitted a new 160Gb hard drive (upgrading from the original 80Gb one) and I am getting the above error.
I tried installing Leopard 10.5.4 from its original CD (we bought a full version when we upgraded this Macbook previously) and got the above error.
SO I thought I would have to install the original version of Tiger and upgrade from there, in the same way that I did before. I reinstalled Tiger no problems from the disks which came with the MacBook, and then tried to do the upgrade, but got the same error.
Am I doing something wrong or is there a problem do you think ?
The MacBook has been upgraded form this particular disk once before, and no changes to the MacBook have been made apart from replacing the defunct hard drive.
Thanks in advance, and I apologise if I have missed out any important needed information because as I say I am fairly new to Macs.I have your solution! I just experienced the same problem after installing a new hard drive to replace a crashed drive in an iMac (Ambient Light Sensor) model.
I initially thought it was the optical drive and/or the Leopard DVD. I tried two Leopard DVD's and both the internal slot-load and an external FireWire drive. All resulted in the same error at the calculation stage of the install...could not verify basesystem. All hard drive tests passed.
I used the Apple Hardware Test (your original OS DVD) and what did I discover? A failed memory DIMM! Even though the Mac would boot from an external, I thought everything was OK. The failed memory DIMM is the culprit!
Here is why: The Mac OS X installer copies data to memory, then copies to the hard drive. When the copied data encountered the failed memory DIMM, the Installer kicks back the failure that it could not validate the basesystem. The data in the memory becomes corrupt because the DIMM is corrupt.
I replaced both DIMMS in my iMac (an upgrade from 1 GB to 2 GB) and sure enough, the installer is running smoothly without any problems.
So replace your memory and your problem is solved. Or figure out which DIMM went bad and replace it. -
Has anyone had this problem with VPN iPad vpn connection could not validate the server certificate
Has anyone had this problem with IPad 3 after upgrade to IOS 7,
trying to to connect VPN , but I get this messag, "could not validate the server certificate".
I am trying to connect to Oracle VPN.Has anyone found a solution for this yet? I am still getting the could not validate server certificate error. I have tried importing the entire certificate chain as well as importing each individual cert in the chain. My certificate works perfectly with the cisco vpn on my pc.
This is my first experience owning an apple product, and I am very disappointed with the customer support that I have received. I tried calling the help line and no one would even attempt to answer my question. I was then told that the Mac "geniuses" wouldn't know either and that I may be able to find an answer on the message boards. So I am reaching out to the community...Has anyone been able to figure out how to resolve this issue or even the specific cause? Any help is appreciated. -
Could not validate base system?
Hi, my hard drive has blown up so I have installed another. However during the instalation of OS X Tiger it will lock up very near the beginning of the installation process and gives the following error message.
Installer Failed
The Installer Could Not Validate the Contents of the 'BaseSystem' package
I've tried with both the standard RAM and with 2x1Gb sticks of crucial memory.
How do I fix this error?
Thanks for the helpI'm a bit confused. In your first post you mention Tiger (OS 10.4.x) & in the second 10.5.
Assuming you mean the *Leopard retail installer disk* & you see this message when booted from it, there is most likely a problem with it -- but it would be a physical defect like a scratch or an error in pressing the copy. -
Installer could not validate...
I was using software update to get 10.5.8 and the garageband update but when the files were downloaded and about to be installed, I received the error message: "installer could not validate contents of the (garageband/10.5.8) package".
I have looked on other discussion topics and saw that repairing disk permissions often solved the problem, but it didn't do anything for me. When I repair disk permissions I get a bunch of "permissions differ..." messages but at the bottom it says "permissions repair complete".
Also, I tried downloading the updates directly from the apple website (including the combo update for 10.5.8) but those were both unable to be validated when they were downloaded
Is there something wrong with software update or my computer?
I don't have this problem downloading any other type of file
anything else i can do?help plz?
-
Installer could not validate the contents of the "BaseSystem"
Reference the quite volumnious "Installer could not validate the contents of the 'BaseSystem'".
Given the dual-layer DVD inserted in a single-layer SuperDrive fact, I tried installing just the Base System with nothing else and got the same error. On the surface, this may indicate that even the BaseSystem is spread out between both layers.
Has anyone tried making a DVD/CD Master sparse image, cloning it to a spare partition, restarting the Mac from this partition and installing Leopard on another partition or other drive? I got this idea from the indispensable "Macfixit.com" web site.
Would that totally eliminate trying to install an OS from a double-layer DVD in a single-layer Drive?
So I am trying to determine if anyone has been successful using this image approach.If the drive couldn't read DL DVDs, DVD Player would have trouble with most movies. There may be some burned DL DVDs that won't work in some drives, but factory pressed DL disks, such as Leopard, (if not defective) should be readable in any DVD drive. There may be defective discs, or defective drives, but a DL drive is not a requirement. The DL for a DVD drive only applies to its burning capability, not its reading capability.
-
Okay, so I recently got all the products I wanted from CC via the student subscription. It was a bit of a pain getting everything working, as windows explorer crashed and reopened during installation of CC and during an update. Once I finally got in and got everything installed, I thought I was golden, it was then that I discovered my troubles had only just begun. Whenever I tried to open a program it either closed almost immediately after Startup or closed after giving the message "Could not validate license". Thus far I have not found a solution, as the much touted log out and log in method failed me.
Any help in this area would be greatly appreciated as I am honestly at a loss on what to do.
Technical details:
The programs I tried were After Effects, Audition, Photoshop and Premiere.
I am using Windows 7.Link for Download & Install & Setup & Activation problems may help
-Online Chat http://www.adobe.com/support/download-install/supportinfo/
Maybe you are looking for
-
Assign Task to a specific user based on the value of DDL from the form
Hello, Can any one please advise me on how to assign a task to a specific user based on the value of the drop down list from the form. E.g. user fills the form and before they submit the form they have to select one of the name from the drop down lis
-
I get an error message everytime i try to open itunes.
And the meassage reads "The Itunes Library.itl file is locked, on a locked disk, or you do not whave write permission for the file." what does this mean and how do i fix it? I have uninstalled and then reinstalled and the problem remains.
-
Greetings Not having purchased any songs in a while, I decided to upgrade 2 of my iTunes albums. When I clicked the buy button, the window appeared telling me my account info has changed. When I put my password in and and click the billing info butto
-
Hi I have just discovered that read and write access to all our files and folders was changed to "gadmin" and pretty much everyone has read only access to the files. The files and folders are on a Mac, and the other users are on other Macs on the loc
-
I am trying to use a web service in HTMLDB from an application we have. When I go to "Workspace (my workspace)>Builder - Application 101>Shared Components>Create Web Service Reference" and enter in the http address for the WSDL, I get the error messa