Hi, I'm testing Appian 7.3 with Jboss EAP 6.1 (java 1.7.21). I up

lorenzor over 10 years ago

Hi,
I'm testing Appian 7.3 with Jboss EAP 6.1 (java 1.7.21).
I updated spring-security-kerberos-core.jar (class: SunJaasKerberosTicketValidator) as suggested in this page:
jira.springsource.org/.../SES-119
but SSO with kerberos doesn't work.

I can see this error on server-log:

BadCredentialsException: Kerberos validation not succesfull
Caused by: java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Specified version of key is not available (44))
Caused by: KrbException: Specified version of key is not available (44)

thanks
Lorenzo...

Discussion posts and replies are publicly visible

Parents

0 Mike Cichy
Appian Employee
over 10 years ago

Lorenzo, we are not really Kerberos experts and the error you are getting is not an Appian exception. I would suggest that you contact someone internally who has configured Kerberos SSO with their web app.
From experience, it seems to me that the version key is different in the keytab file and in the KDC (AD). I believe you can get the keytab version key using klist and the version key from AD using a network monitoring tool.
Good luck!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Mike Cichy
Appian Employee
over 10 years ago

Lorenzo, we are not really Kerberos experts and the error you are getting is not an Appian exception. I would suggest that you contact someone internally who has configured Kerberos SSO with their web app.
From experience, it seems to me that the version key is different in the keytab file and in the KDC (AD). I believe you can get the keytab version key using klist and the version key from AD using a network monitoring tool.
Good luck!
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data