Appian Community
Site
Search
Sign In/Register
Site
Search
User
DISCUSS
LEARN
SUCCESS
SUPPORT
Documentation
AppMarket
More
Cancel
I'm looking for ...
State
Not Answered
Replies
5 replies
Subscribers
9 subscribers
Views
1996 views
Users
0 members are here
Share
More
Cancel
Related Discussions
Home
»
Discussions
»
Administration
Hi, I'm testing Appian 7.3 with Jboss EAP 6.1 (java 1.7.21). I up
lorenzor
over 10 years ago
Hi,
I'm testing Appian 7.3 with Jboss EAP 6.1 (java 1.7.21).
I updated spring-security-kerberos-core.jar (class: SunJaasKerberosTicketValidator) as suggested in this page:
jira.springsource.org/.../SES-119
but SSO with kerberos doesn't work.
I can see this error on server-log:
BadCredentialsException: Kerberos validation not succesfull
Caused by: java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))
Caused by: KrbException: Specified version of key is not available (44)
thanks
Lorenzo...
OriginalPostID-95804
OriginalPostID-95804
Discussion posts and replies are publicly visible
0
Patty Isecke
Appian Employee
over 10 years ago
Please ensure that your authentication files are properly configured:
forum.appian.com/.../Authentication
Do you have a typo in how you've configured your LDAP server?
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
lorenzor
over 10 years ago
Hi Patty,
I use config files from my old appian version (7.2).
I updated in spring-security-07-portal-override.xml as suggested in migration doc.
I changed SpringSecurityBeanPostProcessor into BeanPostProcessorForPortalAuth.
Authentication with LDAP works fine.
only kerberos doesn't work.
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
Mike Cichy
Appian Employee
over 10 years ago
Lorenzo, we are not really Kerberos experts and the error you are getting is not an Appian exception. I would suggest that you contact someone internally who has configured Kerberos SSO with their web app.
From experience, it seems to me that the version key is different in the keytab file and in the KDC (AD). I believe you can get the keytab version key using klist and the version key from AD using a network monitoring tool.
Good luck!
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
andrewk370
over 10 years ago
When you create your keytab did you specify the kvno as 0? I used the command ktab.exe -n 0 -a HTTP/USER PASSWORD -k appian.keytab. If the kvno for the ticket and for your keytab differ you will receive that error (after a quick googling)
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel
0
lorenzor
over 10 years ago
We have find an error into the script. now Kerberos works.
Thanks!
Cancel
Vote Up
0
Vote Down
Sign in to reply
Verify Answer
Cancel