[CLOSED] Issues Implementing SSO on Linux using Kerberos
Hi, We are trying to Implement SSO USING TOMCAT/IIS/KERBEROS Authentication on WebFOCUS 8.2.04 on Linux OS using the instructions provided in the WebFOCUS Security and Administration Manual and we are getting the following error 'Cannot create inner bean 'com.ibi.webapp.security.kerberos.WFKerberosTicketValidator#2abc4d56' of type [com.ibi.webapp.security.kerberos.WFKerberosTicketValidator] while setting bean property 'ticketValidator'; '
Just Wondering If anybody has already Implemented SSO using Kerberos on Linux and could share their experience or notes would be helpful. Thanks KironThis message has been edited. Last edited by: FP Mod Chuck,
WebFOCUS 8.2/Linux
November 20, 2018, 02:00 PM
BabakNYC
Have you updated your krb5-ini file to specificy encryption type?
WebFOCUS 8206, Unix, Windows
November 20, 2018, 02:20 PM
kiron
Yes, we updated the krb5.conf file with the correct Encryption Type.
WebFOCUS 8.2/Linux
November 20, 2018, 02:26 PM
FP Mod Chuck
Kiron
I found this on techsupport. I hope it helps.
Solution Notes Symptom
Kerberos authentication fails with error message in websecurity.log:
Error creating bean with name 'com.ibi.webapp.security.kerberos.WFKerberosTicketValidator#62e81ae5' defined in ServletContext resource [/WEB-INF/was/security-main.xml]: Invocation of init method failed; nested exception is javax.security.auth.login.LoginException: Do not have keys of types listed in default_tkt_enctypes available; only have keys of following type: AES256 CTS mode with HMAC SHA1-96
Problem
The krb5.ini file did not specify the correct encryption type. The error message is indicating it is missing aes256-cts-hmac-sha1-96 encryption type.
Solution
Update the krb5-ini file to specificy encryption type aes256-cts-hmac-sha1-96.