Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Issues Implementing SSO on Linux using Kerberos

Read-Only Read-Only Topic
Go
Search
Notify
Tools
[CLOSED] Issues Implementing SSO on Linux using Kerberos
 Login/Join
 
Member
posted
Hi,
We are trying to Implement SSO USING TOMCAT/IIS/KERBEROS Authentication on WebFOCUS 8.2.04 on Linux OS using the instructions provided in the WebFOCUS Security and Administration Manual and we are getting the following error
'Cannot create inner bean 'com.ibi.webapp.security.kerberos.WFKerberosTicketValidator#2abc4d56' of type [com.ibi.webapp.security.kerberos.WFKerberosTicketValidator] while setting bean property 'ticketValidator'; '

Just Wondering If anybody has already Implemented SSO using Kerberos on Linux and could share their experience or notes would be helpful.
Thanks
Kiron

This message has been edited. Last edited by: FP Mod Chuck,


WebFOCUS 8.2/Linux
 
Posts: 6 | Registered: May 24, 2017Report This Post
Virtuoso
posted Hide Post
Have you updated your krb5-ini file to specificy encryption type?


WebFOCUS 8206, Unix, Windows
 
Posts: 1853 | Location: New York City | Registered: December 30, 2015Report This Post
Member
posted Hide Post
Yes,
we updated the krb5.conf file with the correct Encryption Type.


WebFOCUS 8.2/Linux
 
Posts: 6 | Registered: May 24, 2017Report This Post
Virtuoso
posted Hide Post
Kiron

I found this on techsupport. I hope it helps.

Solution Notes
Symptom


Kerberos authentication fails with error message in websecurity.log:

Error creating bean with name 'com.ibi.webapp.security.kerberos.WFKerberosTicketValidator#62e81ae5' defined in ServletContext resource [/WEB-INF/was/security-main.xml]: Invocation of init method failed; nested exception is javax.security.auth.login.LoginException: Do not have keys of types listed in default_tkt_enctypes available; only have keys of following type: AES256 CTS mode with HMAC SHA1-96

Problem


The krb5.ini file did not specify the correct encryption type. The error message is indicating it is missing aes256-cts-hmac-sha1-96 encryption type.

Solution


Update the krb5-ini file to specificy encryption type aes256-cts-hmac-sha1-96.

before update:

default_tkt_enctypes = aes128-cts-hmac-sha1-96
default_tgs_enctypes = aes128-cts-hmac-sha1-96

After update:

default_tkt_enctypes = aes256-cts-hmac-sha1-96
default_tgs_enctypes = aes256-cts-hmac-sha1-96


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
 
Posts: 2127 | Location: Customer Support | Registered: April 12, 2005Report This Post
Member
posted Hide Post
Thanks for the information. We are currently using aes256 in the krb5.conf file and that matches our Keytab file encryption.


WebFOCUS 8.2/Linux
 
Posts: 6 | Registered: May 24, 2017Report This Post
Virtuoso
posted Hide Post
Kiron

That was all I could find.. Unless someone else chimes in I think you should open a case with techsupport.


Thank you for using Focal Point!

Chuck Wolff - Focal Point Moderator
WebFOCUS 7x and 8x, Windows, Linux All output Formats
 
Posts: 2127 | Location: Customer Support | Registered: April 12, 2005Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [CLOSED] Issues Implementing SSO on Linux using Kerberos

Copyright © 1996-2020 Information Builders