Categories
- All Categories
- 10 Oracle Analytics Sharing Center
- 13 Oracle Analytics Lounge
- 208 Oracle Analytics News
- 41 Oracle Analytics Videos
- 15.6K Oracle Analytics Forums
- 6.1K Oracle Analytics Idea Labs
- Oracle Analytics User Groups
- 76 Oracle Analytics Trainings
- 14 Oracle Analytics Data Visualizations Challenge
- Find Partners
- For Partners
Getting error in configuring SSO in OBIEE
Dear GURUS,
I am trying to configure SSO in OBIEE using Kerberos.
I am referring the Oracle white-paper and https://blogs.oracle.com/cealteam/obiee-12c%3a-configuring-kerberos-sso-for-obiee-12c
I have completed the steps till creation of KEYTAB File.
I am firing the command to create Tickets, but this command is failing:
KRB5.ini details------------------------------------
[libdefaults]
default_realm = ******
default_tkt_enctypes = AES128-CTS-HMAC-SHA1-96
default_tgs_enctypes = AES128-CTS-HMAC-SHA1-96
permitted_enctypes = AES128-CTS-HMAC-SHA1-96
ticket_lifetime = 600
[realms]
am.tsacorp.com = {
kdc = ******** (given name of ldap and not IP)
admin_server = **********************
default_domain = *************************
}
[domain_realm]
.******************* = *********************
[appdefaults]
autologin = true
forward = true
forwardable = true
encrypt = true
Command firing (errored out)----
java -Dsun.security.krb5.debug=true sun.security.krb5.internal.tools.Kinit –k –t <path_BI Domain>.keytab HTTP/<Principle_Name>
Output------------
Java config name: null
LSA: Found Ticket
LSA: Made NewWeakGlobalRef
LSA: Found PrincipalName
LSA: Made NewWeakGlobalRef
LSA: Found DerValue
LSA: Made NewWeakGlobalRef
LSA: Found EncryptionKey
LSA: Made NewWeakGlobalRef
LSA: Found TicketFlags
LSA: Made NewWeakGlobalRef
LSA: Found KerberosTime
LSA: Made NewWeakGlobalRef
LSA: Found String
LSA: Made NewWeakGlobalRef
LSA: Found DerValue constructor
LSA: Found Ticket constructor
LSA: Found PrincipalName constructor
LSA: Found EncryptionKey constructor
LSA: Found TicketFlags constructor
LSA: Found KerberosTime constructor
LSA: Finished OnLoad processing
Native config name: C:\Windows\krb5.ini
Loaded from native config
Exception: too many parameters
java.lang.IllegalArgumentException: too many parameters
at sun.security.krb5.internal.tools.KinitOptions.<init>(KinitOptions.jav
a:153)
at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:147)
at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)
Please suggest how to proceed here.
Thanks in advance.
Answers
-
Which "command" is failing? That's an INI file you've posted. Are you saying ktpass is failing? What's the *exact* command you're firing off?
0 -
Hello Christian,
I have highlighted the command fired in RED and the error I am getting.
Reposting:
Command firing (errored out)----
java -Dsun.security.krb5.debug=true sun.security.krb5.internal.tools.Kinit –k –t <path_BI Domain>.keytab HTTP/<Principle_Name>
Output------------
Java config name: null
LSA: Found Ticket
LSA: Made NewWeakGlobalRef
LSA: Found PrincipalName
LSA: Made NewWeakGlobalRef
LSA: Found DerValue
LSA: Made NewWeakGlobalRef
LSA: Found EncryptionKey
LSA: Made NewWeakGlobalRef
LSA: Found TicketFlags
LSA: Made NewWeakGlobalRef
LSA: Found KerberosTime
LSA: Made NewWeakGlobalRef
LSA: Found String
LSA: Made NewWeakGlobalRef
LSA: Found DerValue constructor
LSA: Found Ticket constructor
LSA: Found PrincipalName constructor
LSA: Found EncryptionKey constructor
LSA: Found TicketFlags constructor
LSA: Found KerberosTime constructor
LSA: Finished OnLoad processing
Native config name: C:\Windows\krb5.ini
Loaded from native config
Exception: too many parameters
java.lang.IllegalArgumentException: too many parameters
at sun.security.krb5.internal.tools.KinitOptions.<init>(KinitOptions.jav
a:153)
at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:147)
at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)
0 -
My point is: Are you running that command manually? Or does it get generated? which exact step are you at in the PDFs of that blog post?
0 -
Sorry for not getting it at the first time...
I'm failing at step 4 of Part 2 "Test if the WebLogic Server is able to find the KDC Server and able to obtain a ticket or not:"
I'm running the command manually by filling in the required parameters.
The original command is : "kinit –k –t <keytab-file> HTTP/<Weblogic_HostName>", but due to some issue, it is throwing the error.
Hence, I tried to get debug details using "-Dsun.security.krb5.debug=true" in the original command.
Since, it is reading the "krb5.ini" and then failing, I have logged the krb5.ini details in the original request.
0 -
So
kinit -V –k –t /app/bi/12_2_1_4/user_projects/domains/bi/cofsm042.keytab HTTP/cofsm042
?
0 -
Yes, just a little change.
I'm having Windows 2012 R2 server, so the command becomes:
kinit –k –t /app/bi/12_2_1_4/user_projects/domains/bi/cofsm042.keytab HTTP/cofsm042
I'm on OBIEE 12.2.1.4 and Java version is Java 8.131
0 -
Dear GURUS,
I was somehow able to resolve the issue, however, I am facing some other issue now as below:
Exception: krb_error 0 Do not have keys of types listed in default_tkt_enctypes
available; only have keys of following type: No error
KrbException: Do not have keys of types listed in default_tkt_enctypes available
; only have keys of following type:
at sun.security.krb5.internal.crypto.EType.getDefaults(EType.java:280)
at sun.security.krb5.KrbAsReqBuilder.build(KrbAsReqBuilder.java:261)
at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:315)
at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:219)
at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113) Please help me resolve this.
0