Hi guys,
After upgrading to AE 12.3, I am trying to configure Single Sign-On with Kerberos.
I've set up everything as described in the docu, but it's not working.
I get the following error message:
D:\xxxx\ae\bin>java -Xmx512M -Dsun.security.krb5.debug=true -jar ucsrvjp.jar
UC4 XXXX#WP-Server Version 12.3.0+build.1563351461009 (PID=7988)
>>> KeyTabInputStream, readName(): XXXX.LOCAL
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): xxxxxx01.xxxx.local
>>> KeyTab: load() entry length: 62; type: 1
>>> KeyTabInputStream, readName(): XXXX.LOCAL
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): xxxxxx01.xxxx.local
>>> KeyTab: load() entry length: 62; type: 3
>>> KeyTabInputStream, readName(): XXXX.LOCAL
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): xxxxxx01.xxxx.local
>>> KeyTab: load() entry length: 70; type: 23
>>> KeyTabInputStream, readName(): XXXX.LOCAL
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): xxxxxx01.xxxx.local
>>> KeyTab: load() entry length: 86; type: 18
>>> KeyTabInputStream, readName(): XXXX.LOCAL
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): xxxxxx01.xxxx.local
>>> KeyTab: load() entry length: 70; type: 17
Java config name: D:\xxxx\ext_res\jdk1.8.0_144\jre\lib\security\krb5.conf
Loaded from Java config
Added key: 17version: 4
Added key: 18version: 4
Added key: 23version: 4
>>> KdcAccessibility: reset
Added key: 17version: 4
Added key: 18version: 4
Added key: 23version: 4
default etypes for default_tkt_enctypes: 23.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=xxxxxx01.xxxx.local UDP:88, timeout=30000, number of retries =3, #bytes=152
>>> KDCCommunication: kdc=xxxxxx01.xxxx.local UDP:88, timeout=30000,Attempt =1, #bytes=152
>>> KrbKdcReq send: error trying xxxxxx01.xxxx.local
java.net.PortUnreachableException: ICMP Port Unreachable
at java.net.DualStackPlainDatagramSocketImpl.socketReceiveOrPeekData(Native Method)
at java.net.DualStackPlainDatagramSocketImpl.receive0(DualStackPlainDatagramSocketImpl.java:124)
at java.net.AbstractPlainDatagramSocketImpl.receive(AbstractPlainDatagramSocketImpl.java:143)
at java.net.DatagramSocket.receive(DatagramSocket.java:812)
at sun.security.krb5.internal.UDPClient.receive(NetClient.java:206)
at sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:411)
at sun.security.krb5.KdcComm$KdcCommunication.run(KdcComm.java:364)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.krb5.KdcComm.send(KdcComm.java:348)
at sun.security.krb5.KdcComm.sendIfPossible(KdcComm.java:253)
at sun.security.krb5.KdcComm.send(KdcComm.java:229)
at sun.security.krb5.KdcComm.send(KdcComm.java:200)
at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316)
at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:776)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
at com.automic.sso.SingleSignOnHandler.getLoginContext(SingleSignOnHandler.java:215)
at com.automic.sso.SingleSignOnHandler.validateKerberosToken(SingleSignOnHandler.java:90)
at com.automic.sso.SingleSignOnHandler.handleMessage(SingleSignOnHandler.java:61)
at com.automic.kernel.impl.NATDispatcher.dispatch(NATDispatcher.java:46)
at com.automic.kernel.impl.MQRecordReader.execute(MQRecordReader.java:40)
at com.automic.kernel.impl.DBAction.execute(DBAction.java:152)
at com.automic.kernel.impl.DBAction.execute(DBAction.java:133)
at com.automic.kernel.impl.DBAction.execute(DBAction.java:115)
at com.automic.kernel.impl.MessageInQueue$1.runSave(MessageInQueue.java:57)
at com.automic.kernel.impl.ExecutorTaskWrapper.run(ExecutorTaskWrapper.java:34)
at com.automic.kernel.impl.MessageInQueue.readNewMessage(MessageInQueue.java:65)
at com.automic.kernel.impl.MessageInQueue.execute(MessageInQueue.java:31)
at com.automic.kernel.impl.NetworkMessageDispatcher$NetworkMessageRunnable.runSave(NetworkMessageDispatcher.java:117)
at com.automic.kernel.impl.ExecutorTaskWrapper.run(ExecutorTaskWrapper.java:34)
at com.automic.kernel.impl.NetworkMessageDispatcher.dispatch(NetworkMessageDispatcher.java:71)
at com.automic.kernel.impl.RunnableMessage.runSave(RunnableMessage.java:36)
at com.automic.kernel.impl.ExecutorTaskWrapper.run(ExecutorTaskWrapper.java:34)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
>>> KdcAccessibility: add xxxxxx01.xxxx.local
My krb5.conf looks like:
[libdefaults]
default_realm = XXXX.LOCAL
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
permitted_enctypes = rc4-hmac
[domain_realm].
xxxx.local = XXXX.LOCAL
[realms]
XXXX.LOCAL = {
kdc = xxxxxx01.xxxx.local
admin_server = xxxxxx01.xxxx.local
}
[logging]
default = FILE:\\L:\xxxx_logs\KDC
*****************************************************
Does any of you have an idea what I can check/configure to get it running? Currently I have no idea.
Thanks
regards,
Ben