Focal Point Banner
Community Center Education Summit Technical Support User Groups
Let's Get Social!

Facebook Twitter LinkedIn YouTube
Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Issues Implementing SSO on Linux using Kerberos
Go
New
Search
Notify
Tools
Reply
  
[CLOSED] Issues Implementing SSO on Linux using Kerberos
 Login/Join
 
Member
posted
Hi,
We are trying to Implement SSO USING TOMCAT/IIS/KERBEROS Authentication on WebFOCUS 8.2.04 on Linux OS using the instructions provided in the WebFOCUS Security and Administration Manual and we are getting the following error
'Cannot create inner bean 'com.ibi.webapp.security.kerberos.WFKerberosTicketValidator#2abc4d56' of type [com.ibi.webapp.security.kerberos.WFKerberosTicketValidator] while setting bean property 'ticketValidator'; '

Just Wondering If anybody has already Implemented SSO using Kerberos on Linux and could share their experience or notes would be helpful.
Thanks
Kiron

This message has been edited. Last edited by: FP Mod Chuck,


WebFOCUS 8.2/Linux
 
Posts: 3 | Registered: May 24, 2017Reply With QuoteReport This Post
Virtuoso
posted Hide Post
Have you updated your krb5-ini file to specificy encryption type?


WebFOCUS 8203, Unix, Windows
 
Posts: 1294 | Location: New York City | Registered: December 30, 2015Reply With QuoteReport This Post
Member
posted Hide Post
Yes,
we updated the krb5.conf file with the correct Encryption Type.


WebFOCUS 8.2/Linux
 
Posts: 3 | Registered: May 24, 2017Reply With QuoteReport This Post
Virtuoso
posted Hide Post
Kiron

I found this on techsupport. I hope it helps.

Solution Notes
Symptom


Kerberos authentication fails with error message in websecurity.log:

Error creating bean with name 'com.ibi.webapp.security.kerberos.WFKerberosTicketValidator#62e81ae5' defined in ServletContext resource [/WEB-INF/was/security-main.xml]: Invocation of init method failed; nested exception is javax.security.auth.login.LoginException: Do not have keys of types listed in default_tkt_enctypes available; only have keys of following type: AES256 CTS mode with HMAC SHA1-96

Problem


The krb5.ini file did not specify the correct encryption type. The error message is indicating it is missing aes256-cts-hmac-sha1-96 encryption type.

Solution


Update the krb5-ini file to specificy encryption type aes256-cts-hmac-sha1-96.

before update:

default_tkt_enctypes = aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes128-cts-hmac-sha1-96

After update:

default_tkt_enctypes = aes256-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
 
Posts: 1190 | Location: Customer Support | Registered: April 12, 2005Reply With QuoteReport This Post
Member
posted Hide Post
Thanks for the information. We are currently using aes256 in the krb5.conf file and that matches our Keytab file encryption.


WebFOCUS 8.2/Linux
 
Posts: 3 | Registered: May 24, 2017Reply With QuoteReport This Post
Virtuoso
posted Hide Post
Kiron

That was all I could find.. Unless someone else chimes in I think you should open a case with techsupport.


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
 
Posts: 1190 | Location: Customer Support | Registered: April 12, 2005Reply With QuoteReport This Post
  Powered by Social Strata  
 

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Issues Implementing SSO on Linux using Kerberos

Copyright © 1996-2018 Information Builders, leaders in enterprise business intelligence.