ERROR IN SPNego Authentication

ERROR IN SPNego Authentication

Fabio Falcone
Hi,

I have configured an SPNego Authentication Module with all steps to configure this module (keytab, etc).

Now when I try to authenticate I received this error in Authentication logs:


amAuthWindowsDesktopSSO:11/23/2016 05:24:03:780 PM CET: Thread[ajp-bio-7009-exec-3,5,main]
ERROR: Authentication failed with PrivilegedActionException wrapped GSSException. Stack Trace
GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)
    at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:788)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
    at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
    at com.sun.identity.authentication.modules.windowsdesktopsso.WindowsDesktopSSO$1.run(WindowsDesktopSSO.java:260)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:415)
    at com.sun.identity.authentication.modules.windowsdesktopsso.WindowsDesktopSSO.authenticateToken(WindowsDesktopSSO.java:252)
    at com.sun.identity.authentication.modules.windowsdesktopsso.WindowsDesktopSSO.process(WindowsDesktopSSO.java:187)
    at com.sun.identity.authentication.spi.AMLoginModule.wrapProcess(AMLoginModule.java:1023)
    at com.sun.identity.authentication.spi.AMLoginModule.login(AMLoginModule.java:1197)
    at sun.reflect.GeneratedMethodAccessor58.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:601)
    at com.sun.identity.authentication.jaas.LoginContext.invoke(LoginContext.java:210)
    at com.sun.identity.authentication.jaas.LoginContext.login(LoginContext.java:123)
    at com.sun.identity.authentication.service.AMLoginContext.runLogin(AMLoginContext.java:558)
    at com.sun.identity.authentication.server.AuthContextLocal.submitRequirements(AuthContextLocal.java:699)
    at com.sun.identity.authentication.UI.LoginViewBean.processLoginDisplay(LoginViewBean.java:1373)
    at com.sun.identity.authentication.UI.LoginViewBean.processHttpCallback(LoginViewBean.java:1102)
    at com.sun.identity.authentication.UI.LoginViewBean.getLoginDisplay(LoginViewBean.java:966)
    at com.sun.identity.authentication.UI.LoginViewBean.processLogin(LoginViewBean.java:862)
    at com.sun.identity.authentication.UI.LoginViewBean.forwardTo(LoginViewBean.java:519)
    at com.iplanet.jato.ApplicationServletBase.dispatchRequest(ApplicationServletBase.java:981)
    at com.iplanet.jato.ApplicationServletBase.processRequest(ApplicationServletBase.java:615)
    at com.iplanet.jato.ApplicationServletBase.doGet(ApplicationServletBase.java:459)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:624)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.forgerock.openam.validation.ResponseValidationFilter.doFilter(ResponseValidationFilter.java:44)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.forgerock.openam.xui.XUIFilter.doFilter(XUIFilter.java:112)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at com.sun.identity.setup.AMSetupFilter.doFilter(AMSetupFilter.java:100)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
    at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:190)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:722)



I have already configured a same Authentication Module without issues.


Can you help me?


Thanks


_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
[hidden email]
https://lists.forgerock.org/mailman/listinfo/openam

Re: ERROR IN SPNego Authentication

Bernhard Thalmayr
When generating the keytab you should use flag

/crypto All

-Bernhard

P.S. This is not really OpenAM related.

On 23/11/16 at 17:46, Pass wrote:

> Hi,
>
> I have configured an SPNego Authentication Module with all steps to
> configure this module (keytab, etc).
>
> Now when I try to authenticate I received this error in Authentication logs:
>
>
> amAuthWindowsDesktopSSO:11/23/2016 05:24:03:780 PM CET:
> Thread[ajp-bio-7009-exec-3,5,main]
>
> ERROR: Authentication failed with PrivilegedActionException wrapped
> GSSException. Stack Trace
>
> GSSException: Failure unspecified at GSS-API level (Mechanism level:
> Invalid argument (400) - Cannot find key of appropriate type to decrypt
> AP REP - RC4 with HMAC)
>
>
>
> I have already configured a same Authentication Module without issues.
>
>
> Can you help me?
>
>
> Thanks
>


--
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

[hidden email] - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr
