Hi,
I have spent quite a while now looking for a resolution so I decided to post finally. I am trying SSO and am getting an error. This is the error I am getting when going to BI Launchpad
HTTP Status 500 - com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosException: Could not decrypt service ticket with Key type 18, KVNO 2, Principal "HTTP/biwebdev1.corp.domain.com@CORP.DOMAIN.COM" using key: Principal: [1] BOSSO/SVC_BOE_DEV.corp.domain.com@CORP.DOMAIN.COM TimeStamp: Wed Jul 29 02:16:16 CDT 2015 KVNO: -1 EncType: 18 Key: 32 bytes, fingerprint = [4f 2 e1 98 79 dd 53 1 92 45 6e 61 29 eb a8 fb] Exception for this key was: com.dstc.security.kerberos.CryptoException: Integrity check failure[Note: principal names are different; this may or may not be a problem] [Note: KVNO used wildcard match, not exact match; perhaps the password used to generate this key is not the most recent password?] )
This is the end of the stderr.log file
[DEBUG] Wed Jul 29 02:18:38 CDT 2015 jcsi.kerberos: GSS: Acceptor supports: KRB5
[DEBUG] Wed Jul 29 02:18:38 CDT 2015 jcsi.kerberos: Ticket service name is: HTTP/biwebdev1.corp.Domain.com@CORP.DOMAIN.COM
[DEBUG] Wed Jul 29 02:18:38 CDT 2015 jcsi.kerberos: GSS name is: BOSSO/SVC_BOE_DEV.corp.Domain.com@CORP.DOMAIN.COM
[DEBUG] Wed Jul 29 02:18:38 CDT 2015 jcsi.kerberos: Using keytab entry for: BOSSO/SVC_BOE_DEV.corp.Domain.com@CORP.DOMAIN.COM
[DEBUG] Wed Jul 29 02:18:38 CDT 2015 jcsi.kerberos: ** decrypting ticket .. **
with key
Principal: BOSSO/SVC_BOE_DEV.corp.domain.com@CORP.DOMAIN.COM
Type: 1
TimeStamp: Wed Jul 29 02:16:16 CDT 2015
KVNO: -1
Key: [18, 75 67 53 b4 8 b0 df 1b 4d 2f a0 8a 13 bc aa f a e7 ff bd 47 f7 6c 3c 38 2d 9e 4a ca 43 b2 70 ]
[DEBUG] Wed Jul 29 02:18:38 CDT 2015 jcsi.kerberos: Could not decrypt service ticket with Key type 18, KVNO 2, Principal "HTTP/biwebdev1.corp.domain.com@CORP.DOMAIN.COM" using key:
Principal: [1] BOSSO/SVC_BOE_DEV.corp.domain.com@CORP.DOMAIN.COM
TimeStamp: Wed Jul 29 02:16:16 CDT 2015
KVNO: -1
EncType: 18
Key: 32 bytes, fingerprint = [4f 2 e1 98 79 dd 53 1 92 45 6e 61 29 eb a8 fb]
Exception for this key was: com.dstc.security.kerberos.CryptoException: Integrity check failure[Note: principal names are different; this may or may not be a problem]
[Note: KVNO used wildcard match, not exact match; perhaps the password used to generate this key is not the most recent password?]
[DEBUG] Wed Jul 29 02:18:38 CDT 2015 jcsi.kerberos: Caused by: com.dstc.security.kerberos.CryptoException, Integrity check failure
This is my global.properties file
sso.enabled=true
siteminder.enabled=false
vintela.enabled=true
idm.realm=CORP.DOMAIN.COM
idm.princ=BOSSO/SVC_BOE_DEV.corp.domain.com
idm.allowUnsecured=true
idm.allowNTLM=false
idm.logger.name=simple
idm.logger.props=error-log.properties
idm.keytab=E:/WINNT/DEV-TESTSSO.KEYTAB
BILaunchpad.properties file
authentication.visible=true
authentication.default=secWinAD
cms.default=BIAPPDEV1:6400
These are my tomcat java options
-Djava.library.path=C:\Windows\SysWOW64\;E:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\win64_x64\
-Dcatalina.base=E:\Program Files (x86)\SAP BusinessObjects\tomcat\
-Dcatalina.home=E:\Program Files (x86)\SAP BusinessObjects\tomcat\
-Djava.endorsed.dirs=E:\Program Files (x86)\SAP BusinessObjects\tomcat\common\endorsed\
-Dbobj.enterprise.home=E:\Program Files (x86)\SAP BusinessObjects\SAP BusinessObjects Enterprise XI 4.0\
-Xrs
-XX:MaxPermSize=384M
-Djava.awt.headless=true
-XX:+HeapDumpOnOutOfMemoryError
-Xloggc:E:\Program Files (x86)\SAP BusinessObjects\tomcat\logs\tomcat.gc.log
-XX:+PrintGCDetails
-XX:+UseParallelOldGC
-Djava.security.auth.login.config=E:\WINNT\bscLogin.conf
-Djava.security.krb5.conf=E:\WINNT\krb5.ini
-Djcsi.kerberos.debug=true
AD manual login is working great. Someone please help!