3 Replies Latest reply: Oct 25, 2012 10:54 AM by Mohammed Rayan-Oracle RSS

    what dose this error means ? SSO Faild to authenticate

    SAMJO078
      this is written on UCM.log ,i am trying to login using Microsoft kerberos

      for queue: <1335097958894> <BEA-000000> <NegotiateIdentityAsserterServiceImpl.process() called>
      <1335097958894> <BEA-000000> <Auth type found for webapp didn't match known types: CLIENT_CERT,FORM>
      <1335097958910> <BEA-000000> <All request headers:>
      <1335097958910> <BEA-000000> < Header: Accept : image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*>
      <1335097958910> <BEA-000000> < Header: Referer : http://192.168.30.31:16200/cs/>
      <1335097958910> <BEA-000000> < Header: Accept-Language : en-us>
      <1335097958910> <BEA-000000> < Header: UA-CPU : x86>
      <1335097958910> <BEA-000000> < Header: Accept-Encoding : gzip, deflate>
      <1335097958910> <BEA-000000> < Header: User-Agent : Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)>
      <1335097958910> <BEA-000000> < Header: Host : 192.168.30.31:16200>
      <1335097958910> <BEA-000000> < Header: Connection : Keep-Alive>
      <1335097958910> <BEA-000000> < Header: Cookie : IdcLocale=English-US; IntradocAuth=Internet; JSESSIONID=jhfjPT6GfnpYQvL1TXkTyn094cvJ71HghYG8yG7h9zsn2CqZLg0J!-1885260414>
      <1335097958910> <BEA-000000> <Negotiate filter: new session, no negotiation has started>
      <1335097958910> <BEA-000000> <com.bea.common.security.internal.service.ChallengeIdentityAssertionServiceImpl.getChallengeToken (tokenType=WWW-Authenticate.Negotiate)>
      <1335097958910> <BEA-000000> <com.bea.common.security.internal.service.ChallengeIdentityAssertionTokenServiceImpl.getChallengeToken (tokenType=WWW-Authenticate.Negotiate)>
      <1335097958910> <BEA-000000> <com.bea.common.security.internal.legacy.service.ChallengeIdentityAssertionProviderImpl$ChallengeIdentityAsserterV2Adapter.getChallengeToken (tokenType=WWW-Authenticate.Negotiate)>
      <1335097958910> <BEA-000000> <Unauthorized, sending WWW-Authenticate: Negotiate>
      5097958910> <BEA-000000> <NegotiateIdentityAsserterServiceImpl.process() called>
      5097958910> <BEA-000000> <Auth type found for webapp didn't match known types: CLIENT_CERT,FORM>
      5097958910> <BEA-000000> <All request headers:>
      5097958910> <BEA-000000> < Header: Accept : image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*>
      5097958910> <BEA-000000> < Header: Referer : http://192.168.30.31:16200/cs/>
      5097958910> <BEA-000000> < Header: Accept-Language : en-us>
      5097958910> <BEA-000000> < Header: UA-CPU : x86>
      5097958910> <BEA-000000> < Header: Accept-Encoding : gzip, deflate>
      5097958910> <BEA-000000> < Header: User-Agent : Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; .NET CLR 1.1.4322)>
      5097958910> <BEA-000000> < Header: Host : 192.168.30.31:16200>
      5097958910> <BEA-000000> < Header: Connection : Keep-Alive>
      5097958910> <BEA-000000> < Header: Authorization : Negotiate TlRMTVNTUAABAAAAB7IIog0ADQAuAAAABgAGACgAAAAFAs4OAAAAD1VDTTExR0VURUNILVNZU1RFTVM=>
      5097958910> <BEA-000000> < Header: Cookie : IdcLocale=English-US; IntradocAuth=Internet; JSESSIONID=jhfjPT6GfnpYQvL1TXkTyn094cvJ71HghYG8yG7h9zsn2CqZLg0J!-1885260414>
      5097958910> <BEA-000000> < processing header: Negotiate TlRMTVNTUAABAAAAB7IIog0ADQAuAAAABgAGACgAAAAFAs4OAAAAD1VDTTExR0VURUNILVNZU1RFTVM=>
      5097958910> <BEA-000000> <SPNEGONegotiateToken.discriminate: not Application Constructed Object, not SPNEGO NegTokenInit token>
      5097958910> <BEA-000000> <Token not supported by Negotiate Filter, ignoring: NTLM>
      5097958910> <BEA-000000> <Negotiate filter: existing session, negotiation was started>
      5097958910> <BEA-000000> <Request doesn't have Negotiate response, Negotiate filter ignoring>
      5097958910> <BEA-000000> <Passing to next filter in the chain>
        • 1. Re: what dose this error means ? SSO Faild to authenticate
          user11979514
          ....5097958910> <BEA-000000> <Auth type found for webapp didn't match known types: CLIENT_CERT,FORM> ...

          check web.xml for

          <login-config>
          <auth-method>CLIENT-CERT</auth-method>
          </login-config>
          • 2. Re: what dose this error means ? SSO Faild to authenticate
            803725
            "If you look at the error Auth type found for webapp didn't match known types: CLIENT_CERT,FORM> "

            there is an CLIENT_underscore_CERT which seems to be coming due to some typo in the application web.xml descriptor which might have by mistake written as wrong character if you would have copied and pasted the same from somewhere. Try re-writing the tag in web.xml manually and check.
            • 3. Re: what dose this error means ? SSO Faild to authenticate
              Mohammed Rayan-Oracle
              Though the post looks very old dated back to "Apr 22, 2012 5:54 AM" :)

              The actual issue here is that the SSO failed due to the NTLM token received by the WLS,which was expecting a Kerberos token.


              5097958910> <BEA-000000> < processing header: Negotiate TlRMTVNTUAABAAAAB7IIog0ADQAuAAAABgAGACgAAAAFAs4OAAAAD1VDTTExR0VURUNILVNZU1RFTVM=>
              5097958910> <BEA-000000> <SPNEGONegotiateToken.discriminate: not Application Constructed Object, not SPNEGO NegTokenInit token>
              5097958910> <BEA-000000> <Token not supported by Negotiate Filter, ignoring: NTLM>



              Two known issues on this:


              1 SPN issues like wrong SPN entry/duplicate SPN's
              or
              2. your browser is not set up correctly.


              For more understanding on this,you can refer the below link


              http://www.oracle.com/technetwork/articles/idm/weblogic-sso-kerberos-1619890.html