Discussions
Categories
- 196.8K All Categories
- 2.2K Data
- 238 Big Data Appliance
- 1.9K Data Science
- 450.2K Databases
- 221.7K General Database Discussions
- 3.8K Java and JavaScript in the Database
- 31 Multilingual Engine
- 550 MySQL Community Space
- 478 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3K ORDS, SODA & JSON in the Database
- 544 SQLcl
- 4K SQL Developer Data Modeler
- 187K SQL & PL/SQL
- 21.3K SQL Developer
- 295.8K Development
- 17 Developer Projects
- 138 Programming Languages
- 292.5K Development Tools
- 107 DevOps
- 3.1K QA/Testing
- 646K Java
- 28 Java Learning Subscription
- 37K Database Connectivity
- 154 Java Community Process
- 105 Java 25
- 22.1K Java APIs
- 138.1K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 18 Java Essentials
- 160 Java 8 Questions
- 86K Java Programming
- 80 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 204 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 437 LiveLabs
- 38 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 171 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 232 Portuguese
Kerberos SSO Error: "Cannot find key of appropriate type to decrypt"

rrdavis07
Member Posts: 3
I have an environment with several instances (PROD, Dev, UAT, Sandbox, etc) of a Weblogic-based application that have been set up with Kerberos SSO. All servers are essentially identical. Keytab files have been created using the KTPASS command. One of the instances is generating an error during SSO login. The pertinent section of the log:
(Nov 19 2019 15:22:45:[[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)']: ERROR com.deltek.enterprise.DEServer.system.security.authentication ) CPLogger.java - GSS-API error occured during Kerberos token processing GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96) (Nov 19 2019 15:22:45:[[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)']: ERROR Deltek.enterprise.DEServer.system.security.authentication) CPFilterPostKerberos.java - Invalid login information provided: Kerberos single sign-on authentication failed: Failed to retrieve User Principal Name from Kerberos token.
As far as error regarding: "Failed to retrieve UPN...", I've confirmed using SETSPN -L that the UPN does indeed exist.
Just to be clear, the instance of the application is a new instance and the keytab file was created at a different time than the other instances. However, the same command structure was used:
ktpass -princ HTTP/[email protected] -mapuser [email protected] -pass XXXXXXXX -crypto ALL -ptype KRB5_NT_PRINCIPAL -out c:\keytabfile.keytab
Anyone have any thoughts as to why SSO is not working on just this one instance?