Discussions
Categories
- 382.3K All Categories
- 2.1K Data
- 208 Big Data Appliance
- 1.9K Data Science
- 447.9K Databases
- 220.9K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 25 Multilingual Engine
- 522 MySQL Community Space
- 465 NoSQL Database
- 7.8K Oracle Database Express Edition (XE)
- 2.9K ORDS, SODA & JSON in the Database
- 490 SQLcl
- 3.9K SQL Developer Data Modeler
- 186.1K SQL & PL/SQL
- 21K SQL Developer
- 293.2K Development
- 7 Developer Projects
- 128 Programming Languages
- 289.9K Development Tools
- 96 DevOps
- 3K QA/Testing
- 645.6K Java
- 24 Java Learning Subscription
- 36.9K Database Connectivity
- 150 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.9K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 16 Java Essentials
- 144 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 198 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 260 LiveLabs
- 36 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.8K Other Languages
- 2.3K Chinese
- 166 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 226 Portuguese
Error "Failure unspecified at GSS-API level (Mechanism level: No cksum in AP_REQ's authenticator)" u
Hi all,
Here the context.
- SAP Mobile platform requests a Kerberos ticket for a service. Delegation is configured for it's service user (User A can requests tickets for a service which belongs to a different user)
- With this ticket, SMP authenticates the user against tomcat where an application is running with Spring Security (JGSS is doing the magic behind)
- When the module tries to validate the ticket, we have the exception described in detail at the end of the post
Caused by: org.ietf.jgss.GSSException:Failure unspecified at GSS-API level (Mechanism level: No cksum in AP_REQ'sauthenticator)
- The funny thing is with the browser (without delegation) Kerberos is working properly.
¿Any idea about what could be causing this behavior?
Thanks in advance and best regards!
Raúl
Exception
Caused by: org.ietf.jgss.GSSException: Failure unspecified at GSS-API level (Mechanism level: No cksum in AP_REQ's authenticator)
at sun.security.jgss.krb5.InitialToken$OverloadedChecksum.<init>(InitialToken.java:220) ~[na:1.8.0_101]
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:131) ~[na:1.8.0_101]
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:829) ~[na:1.8.0_101]
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) ~[na:1.8.0_101]
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) ~[na:1.8.0_101]
at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:906) ~[na:1.8.0_101]
at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:556) ~[na:1.8.0_101]
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342) ~[na:1.8.0_101]
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285) ~[na:1.8.0_101]
here debug info shown while trying to validate ticket
Found KeyTab
/neptuno/keys/keytab/dneptuno2.bshg.com.keytab for HTTP/[email protected]
Entered Krb5Context.acceptSecContext with state=STATE_NEW
Looking for keys for: HTTP/[email protected]EUCE.CORP.BSHG.COM
Added key: 23version: 2
>>> EType:
sun.security.krb5.internal.crypto.ArcFourHmacEType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 17 16 23.
>>> EType:
sun.security.krb5.internal.crypto.ArcFourHmacEType
MemoryCache: add 1472643443/068238/C4F3C48B35155EECCF2570E4D5EBF07E/[email protected]@EUCE.CORP.BSHG.COM
to [email protected]@EUCE.CORP.BSHG.COM|HTTP/[email protected]
MemoryCache: Existing AuthList:
#1: 1472643107/247289/F8C26EA6D6BB2269AE800A3954A305DE/[email protected]@EUCE.CORP.BSHG.COM
>>> KrbApReq: authenticate succeed.