The issue got resolved.
Original Message:
Sent: Feb 23, 2023 07:43 AM
From: Dominic Irudayasamy
Subject: AWI: received a NTLM ticket instead of a kerberos ticket
did you resolve the issue? I am getting the same error in Version 21.04. HF1
error:
2023-02-23 12:15:57,131 penssl-nio-8443-exec-1 [DEBUG] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 [com.uc4.ecc.plugins.
login.behaviours.kerberos.KerberosSSORequestHandler] - received a NTLM ticket instead of a kerberos ticket. This can happen
if the client is not in the same domain. Disable SSO for current user and downgrade to ECC authentication.
2023-02-23 12:15:57,131 penssl-nio-8443-exec-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 [com.uc4.ecc.framewor
k.entrypoint.vaadin14.V14Session] - + locked 79DFEA23814D7B77ABF583108E8B2B38 java.util.concurrent.locks.ReentrantLock@2343
cd7a[Locked by thread https-openssl-nio-8443-exec-1] --- holdcount: 1
2023-02-23 12:15:57,132 penssl-nio-8443-exec-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 [com.uc4.ecc.framewor
k.entrypoint.vaadin14.V14Session] - - unocked 79DFEA23814D7B77ABF583108E8B2B38 java.util.concurrent.locks.ReentrantLock@234
3cd7a[Unlocked] --- holdcount: 0
2023-02-23 12:15:57,315 pool-1-thread-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 +1 [com.uc4.webui.comm
on.timer.Sleep] - Operation failed. retrying in 377 ms
2023-02-23 12:15:57,315 pool-1-thread-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 +1 [com.uc4.webui.comm
on.timer.Sleep] - Sleep waiting for 377 ms
2023-02-23 12:15:57,692 pool-1-thread-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 +1 [com.uc4.webui.comm
on.timer.Sleep] - Operation failed. retrying in 610 ms
2023-02-23 12:15:57,692 pool-1-thread-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 +1 [com.uc4.webui.comm
on.timer.Sleep] - Sleep waiting for 610 ms
2023-02-23 12:15:58,303 pool-1-thread-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 +1 [com.uc4.webui.comm
on.timer.Sleep] - Operation failed. retrying in 987 ms
2023-02-23 12:15:58,303 pool-1-thread-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 +1 [com.uc4.webui.comm
on.timer.Sleep] - Sleep waiting for 987 ms
2023-02-23 12:15:59,290 pool-1-thread-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 +1 [com.uc4.webui.comm
on.timer.Sleep] - Operation failed. retrying in 1597 ms
2023-02-23 12:15:59,290 pool-1-thread-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 +1 [com.uc4.webui.comm
on.timer.Sleep] - Sleep waiting for 1597 ms
2023-02-23 12:16:00,887 pool-1-thread-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 +1 [com.uc4.webui.comm
on.timer.Sleep] - Operation failed. retrying in 2584 ms
2023-02-23 12:16:00,887 pool-1-thread-1 [TRACE] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 +1 [com.uc4.webui.comm
on.timer.Sleep] - Sleep waiting for 2584 ms
2023-02-23 12:16:03,471 pool-1-thread-1 [ERROR] NOLOGIN/- 79DFEA23814D7B77ABF583108E8B2B38-0 +1 [com.uc4.ecc.plugin
s.login.behaviours.kerberos.KerberosLoginBehaviour] - Login Type == Kerberos, but no Token Provider is given or no Token is
present!
java.lang.RuntimeException: java.lang.IllegalStateException: No Kerberos Token is present!
at com.uc4.webui.common.timer.Sleep.retry(Sleep.java:69)
at com.uc4.webui.common.timer.Sleep.retry(Sleep.java:77)
at com.uc4.ecc.plugins.login.behaviours.kerberos.KerberosLoginBehaviour.updateSSOToken(KerberosLoginBehaviour.java:
125)
------------------------------
Dominic I
Original Message:
Sent: Dec 06, 2018 08:40 AM
From: Michael Lowry
Subject: AWI: received a NTLM ticket instead of a kerberos ticket
I am running the AWI in a Platform-as-a-Service (PaaS) application cloud. Recently, I pushed the AWI to the cloud again, and discovered that Kerberos-based single sign-on (SSO) stopped working. I have compared working and non-working apps to try to find out where the problem is originating.
There is a message in both logs:
Requesting Authentication from client.
After this message, the working app shows this message:
received a kerberos token that appears to be valid
The not-working app shows this message instead:
received a NTLM ticket instead of a kerberos ticket. This can happen if the client is not in the same domain. Disable SSO for current user and downgrade to ECC authentication.
I enabled kerberos debugging by adding the following to JAVA_OPTS: '-Dsun.security.krb5.debug=true'. I can see in the log that the krb5 debug option is enabled, but I was not able to see any additional Kerberos debugging messages in the log.
I think something might have changed in the buildpack I'm using to push the app (java_buildpack), but I'm not sure what. Any ideas?