Automic Workload Automation

AWI: received a NTLM ticket instead of a kerberos ticket

  • 1.  AWI: received a NTLM ticket instead of a kerberos ticket

    Posted 12-06-2018 08:40 AM

    I am running the AWI in a Platform-as-a-Service (PaaS) application cloud. Recently, I pushed the AWI to the cloud again, and discovered that Kerberos-based single sign-on (SSO) stopped working. I have compared working and non-working apps to try to find out where the problem is originating.

     

    There is a message in both logs:

    Requesting Authentication from client.

    After this message, the working app shows this message:

    received a kerberos token that appears to be valid

    The not-working app shows this message instead:

    received a NTLM ticket instead of a kerberos ticket. This can happen if the client is not in the same domain. Disable SSO for current user and downgrade to ECC authentication.

     

    I enabled kerberos debugging by adding the following to JAVA_OPTS: '-Dsun.security.krb5.debug=true'. I can see in the log that the krb5 debug option is enabled, but I was not able to see any additional Kerberos debugging messages in the log.

     

    I think something might have changed in the buildpack I'm using to push the app (java_buildpack), but I'm not sure what. Any ideas?