nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Oracle Communities

Oracle Analytics and AI

Child Item

Getting error in configuring SSO in OBIEE

SonPat99

Dear GURUS,

I am trying to configure SSO in OBIEE using Kerberos.

I am referring the Oracle white-paper and https://blogs.oracle.com/cealteam/obiee-12c%3a-configuring-kerberos-sso-for-obiee-12c

I have completed the steps till creation of KEYTAB File.

I am firing the command to create Tickets, but this command is failing:

KRB5.ini details------------------------------------

[libdefaults]

default_realm = ******

default_tkt_enctypes = AES128-CTS-HMAC-SHA1-96

default_tgs_enctypes = AES128-CTS-HMAC-SHA1-96

permitted_enctypes = AES128-CTS-HMAC-SHA1-96

ticket_lifetime = 600

[realms]

am.tsacorp.com = {

kdc = ******** (given name of ldap and not IP)

admin_server = **********************

default_domain = *************************

}

[domain_realm]

.******************* = *********************

[appdefaults]

autologin = true

forward = true

forwardable = true

encrypt = true

Command firing (errored out)----

java -Dsun.security.krb5.debug=true sun.security.krb5.internal.tools.Kinit –k –t <path_BI Domain>.keytab HTTP/<Principle_Name>

Output------------

Java config name: null

LSA: Found Ticket

LSA: Made NewWeakGlobalRef

LSA: Found PrincipalName

LSA: Made NewWeakGlobalRef

LSA: Found DerValue

LSA: Made NewWeakGlobalRef

LSA: Found EncryptionKey

LSA: Made NewWeakGlobalRef

LSA: Found TicketFlags

LSA: Made NewWeakGlobalRef

LSA: Found KerberosTime

LSA: Made NewWeakGlobalRef

LSA: Found String

LSA: Made NewWeakGlobalRef

LSA: Found DerValue constructor

LSA: Found Ticket constructor

LSA: Found PrincipalName constructor

LSA: Found EncryptionKey constructor

LSA: Found TicketFlags constructor

LSA: Found KerberosTime constructor

LSA: Finished OnLoad processing

Native config name: C:\Windows\krb5.ini

Loaded from native config

Exception: too many parameters

java.lang.IllegalArgumentException: too many parameters

at sun.security.krb5.internal.tools.KinitOptions.<init>(KinitOptions.jav

a:153)

at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:147)

at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)

Please suggest how to proceed here.

Thanks in advance.

Find more posts tagged with

Accepted answers

All comments

[Deleted User]

Which "command" is failing? That's an INI file you've posted. Are you saying ktpass is failing? What's the *exact* command you're firing off?

SonPat99

Hello Christian,

I have highlighted the command fired in RED and the error I am getting.

Reposting:

Command firing (errored out)----

java -Dsun.security.krb5.debug=true sun.security.krb5.internal.tools.Kinit –k –t <path_BI Domain>.keytab HTTP/<Principle_Name>

Output------------

Java config name: null

LSA: Found Ticket

LSA: Made NewWeakGlobalRef

LSA: Found PrincipalName

LSA: Made NewWeakGlobalRef

LSA: Found DerValue

LSA: Made NewWeakGlobalRef

LSA: Found EncryptionKey

LSA: Made NewWeakGlobalRef

LSA: Found TicketFlags

LSA: Made NewWeakGlobalRef

LSA: Found KerberosTime

LSA: Made NewWeakGlobalRef

LSA: Found String

LSA: Made NewWeakGlobalRef

LSA: Found DerValue constructor

LSA: Found Ticket constructor

LSA: Found PrincipalName constructor

LSA: Found EncryptionKey constructor

LSA: Found TicketFlags constructor

LSA: Found KerberosTime constructor

LSA: Finished OnLoad processing

Native config name: C:\Windows\krb5.ini

Loaded from native config

Exception: too many parameters

java.lang.IllegalArgumentException: too many parameters

at sun.security.krb5.internal.tools.KinitOptions.<init>(KinitOptions.jav

a:153)

at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:147)

at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)

[Deleted User]

My point is: Are you running that command manually? Or does it get generated? which exact step are you at in the PDFs of that blog post?

SonPat99

Sorry for not getting it at the first time...

I'm failing at step 4 of Part 2 "Test if the WebLogic Server is able to find the KDC Server and able to obtain a ticket or not:"

I'm running the command manually by filling in the required parameters.

The original command is : "kinit –k –t <keytab-file> HTTP/<Weblogic_HostName>", but due to some issue, it is throwing the error.

Hence, I tried to get debug details using "-Dsun.security.krb5.debug=true" in the original command.

Since, it is reading the "krb5.ini" and then failing, I have logged the krb5.ini details in the original request.

[Deleted User]

kinit -V –k –t /app/bi/12_2_1_4/user_projects/domains/bi/cofsm042.keytab HTTP/cofsm042

SonPat99

Yes, just a little change.

I'm having Windows 2012 R2 server, so the command becomes:

kinit –k –t /app/bi/12_2_1_4/user_projects/domains/bi/cofsm042.keytab HTTP/cofsm042

I'm on OBIEE 12.2.1.4 and Java version is Java 8.131

SonPat99

Dear GURUS,

I was somehow able to resolve the issue, however, I am facing some other issue now as below:
Exception: krb_error 0 Do not have keys of types listed in default_tkt_enctypes
available; only have keys of following type: No error
KrbException: Do not have keys of types listed in default_tkt_enctypes available
; only have keys of following type:
at sun.security.krb5.internal.crypto.EType.getDefaults(EType.java:280)
at sun.security.krb5.KrbAsReqBuilder.build(KrbAsReqBuilder.java:261)
at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:315)
at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:219)
at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:113)

Please help me resolve this.