• State Not Answered
  • Replies 8 replies
  • Subscribers 9 subscribers
  • Views 4993 views
  • Users 0 members are here
Related Discussions
Home » Discussions » Administration

I am trying to set up kerberos on Appian 7.6, but I am getting following e

foussenik

I am trying to set up kerberos on Appian 7.6, but I am getting following exception.

2015-01-16 20:02:38,529 [ajp-/0.0.0.0:8009-1] WARN org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter - Negotiate Header was invalid: Negotiate
org.springframework.security.authentication.BadCredentialsException: Kerberos validation not succesfull
          at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:69)
          at org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider.authenticate(KerberosServiceAuthenticationProvider.java:86)
          at com.appiancorp.suiteapi.security.auth.AuthenticationProviderWrapper.authenticate(AuthenticationProviderWrapper.java:86)
          at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
          at org.springframework.security.extensions.kerberos.web.SpnegoAuthentic...

OriginalPostID-135266

OriginalPostID-135266

  Discussion posts and replies are publicly visible

  • 0
    ...ationProcessingFilter.doFilter(SpnegoAuthenticationProcessingFilter.java:147)
              at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
              at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
              at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
              at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
              at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
              at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
              at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
              at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
              at org.springframework.web.filter.DelegatingFilte...
  • 0
    ...rProxy.doFilter(DelegatingFilterProxy.java:259)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
              at com.appiancorp.ap2.environment.EnvironmentFilter.doFilter(EnvironmentFilter.java:86)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
              at com.appiancorp.common.web.WeblogicSessionAttributeClassLoaderRequestFilter.doFilter(WeblogicSessionAttributeClassLoaderRequestFilter.java:256)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
              at com.appiancorp.ap2.NullByteInjectionFilter.doFilter(NullByteInjectionFilter.java:32)
              at org.apache.cata...
  • 0
    ... lina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
              at com.appiancorp.ap2.EncodingFilter.doFilter(EncodingFilter.java:56)
              at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
              at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
              at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
              at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:407)
              at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
              at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50)
              at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityConte...
  • 0
    ... xtAssociationValve.java:169)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336)
              at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:488)
              at org.apache.coyote.ajp.AjpProtocol$AjpConnectionHandler.process(AjpProtocol.java:420)
              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920)
              at java.lang.Thread.run(Thread.java:745)
    Caused by: java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.Subject.doAs(Subject.java:415)
              at org....
  • 0
    ... springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:67)
              ... 41 more
    Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)
              at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:788)
              at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
              at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
              at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:875)
              at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:548)
              at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
              at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
              at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator$Kerbero...
  • 0
    ... sValidateAction.run(SunJaasKerberosTicketValidator.java:146)
              at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:136)
              ... 44 more
    Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC
              at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:273)
              at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
              at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
              at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:771)
              ... 52 more
  • 0
    Appian Employee
    It looks like there is an issue with the keys found in the Kerberos keytab. The Kerberos keytab should be encrypted will all types, so it is possible that the defaults for the encryption are not set on the account side.

    Here another link that might help you with the same:
    -> stackoverflow.com/.../badcredentialsexception-kerberos-validation-not-succesfull
  • 0 in reply to foussenik

    Hello Foussenik,

    Could you please tell how the Kerberos is working on the Mobile devices?

© 2024 Appian. All rights reserved.
We want to hear from you! Submit a review on Gartner or G2.