rumjack83

SSO Failure with Kerberos

Hello,

One of my customers called me for an emergency visit because their SSO to the JSP website didn't work anymore.

I do not know anything about the FirstSpirit version or development. As is often the case in big companies, the FirstSpirit things are done by another department somewhere...

Server: Apache Tomcat, Kerberos Auth working on Console...

Failure:

[21.03.2017 07:08:05] ERROR de.espirit.firstspirit.opt.personalisation.modules.login.KerberosLoginModule - login failed! Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

[21.03.2017 07:08:05] ERROR de.espirit.firstspirit.opt.personalisation.modules.login.KerberosLoginModule - login failed! Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

[21.03.2017 07:08:05] DEBUG de.espirit.firstspirit.opt.personalisation.LoginManager  - [SessionId: E4296FAC5E44701711036024B8000501] LoginModule done in 158 ms

[21.03.2017 07:08:05] DEBUG de.espirit.firstspirit.opt.personalisation.LoginManager  - [SessionId: E4296FAC5E44701711036024B8000501] LoginModule done in 158 ms

[21.03.2017 07:08:05] INFO  de.espirit.firstspirit.opt.personalisation.LoginManager - [SessionId: E4296FAC5E44701711036024B8000501] No user-data available.

[21.03.2017 07:08:05] INFO de.espirit.firstspirit.opt.personalisation.LoginManager  - [SessionId: E4296FAC5E44701711036024B8000501] No user-data available.

[21.03.2017 07:08:05] DEBUG de.espirit.firstspirit.opt.personalisation.LoginManager  - [SessionId: E4296FAC5E44701711036024B8000501] Trying to login user using login-package 'FIRSTPersonalisation_SWK_LDAP'...

[21.03.2017 07:08:05] DEBUG de.espirit.firstspirit.opt.personalisation.LoginManager  - [SessionId: E4296FAC5E44701711036024B8000501] Trying to login user using login-package 'FIRSTPersonalisation_SWK_LDAP'...

[21.03.2017 07:08:05] DEBUG de.espirit.firstspirit.opt.personalisation.LoginManager - [SessionId: E4296FAC5E44701711036024B8000501] Calling login-module...

[21.03.2017 07:08:05] DEBUG de.espirit.firstspirit.opt.personalisation.LoginManager  - [SessionId: E4296FAC5E44701711036024B8000501] Calling login-module...

[21.03.2017 07:08:05] DEBUG de.espirit.firstspirit.opt.personalisation.modules.login.RequestParameterLoginModule - Getting login data...

[21.03.2017 07:08:05] DEBUG de.espirit.firstspirit.opt.personalisation.modules.login.RequestParameterLoginModule - Getting login data...

[21.03.2017 07:08:05] ERROR de.espirit.firstspirit.opt.personalisation.LoginManager  - [SessionId: E4296FAC5E44701711036024B8000501] No login-data available!

It looks like they're using a different type of decryption in the keytab, but this isn't the case. The decryption method is exactly RC4 with HMAC...

On Console everything works.

My question is: Do they have problems with the server/Tomcat, or can I give everything back to the FirstSpirit developers...???

Thank You!!!!

0 Kudos
1 Reply
rednoss

Hello Michael,

please contact our technical support with your question.

Best regards

Rene

0 Kudos