ARIS Process Mining in action - Live Demo
Register
ARIS Process Mining in action - Live Demo
Register
ARIS Process Mining in action - Live Demo
Register
View all
Join now

Kerberos Single Sign On in ARIS 9.7 Issue

WH
Posted by Wihemdra Halim
Posted on in Professional ARIS

Hi everyone,

Anyone facing problem with implementing Single Sign On with following error :

2015-10-08 16:29:44,768 - WARN : Validation of Kerberos ticket failed: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

2015-10-08 16:29:44,768 - WARN : java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

 at java.security.AccessController.doPrivileged(Native Method)

 at javax.security.auth.Subject.doAs(Subject.java:415)

 at com.aris.umc.authentication.kerberos.KerberosTicketValidator.getUsernameFromTicket(KerberosTicketValidator.java:57)

 at com.aris.umc.authentication.AuthenticationService.loginKerberos(AuthenticationService.java:473)

 at com.aris.umc.authentication.AuthenticationService$$EnhancerByGuice$$1476bc65.CGLIB$loginKerberos$42(<generated>)

 at com.aris.umc.authentication.AuthenticationService$$EnhancerByGuice$$1476bc65$$FastClassByGuice$$c2708af4.invoke(<generated>)

 at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)

 at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:72)

 at com.aris.umc.aop.ExceptionInterceptor.invoke(ExceptionInterceptor.java:29)

 at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:72)

 at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:52)

 at com.aris.umc.authentication.AuthenticationService$$EnhancerByGuice$$1476bc65.loginKerberos(<generated>)

 at com.aris.umc.authentication.AuthenticationServiceFC.loginKerberos(AuthenticationServiceFC.java:67)

 at com.idsscheer.aris.umc.security.servlet.filter.AbstractAuthenticationFilter.loginAndSetContextKerberos(AbstractAuthenticationFilter.java:189)

 at com.idsscheer.aris.umc.security.servlet.filter.UmcAuthKerberosFilter.doFilterInternal(UmcAuthKerberosFilter.java:87)

 at com.idsscheer.aris.umc.security.servlet.filter.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:91)

 at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163)

 at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)

 at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168)

 at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)

 at com.softwareag.copernicus.web.servletFilter.CompressionFilter.applyGzipWrapper(CompressionFilter.java:137)

 at com.softwareag.copernicus.web.servletFilter.CompressionFilter.doFilter(CompressionFilter.java:80)

 at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163)

 at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)

 at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)

 at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)

 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)

 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)

 at org.apache.tomee.catalina.OpenEJBValve.invoke(OpenEJBValve.java:45)

 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)

 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)

 at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:680)

 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)

 at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200)

 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)

 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)

 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

 at java.lang.Thread.run(Thread.java:745)

Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

 at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:788)

 at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)

 at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)

 at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:875)

 at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:548)

 at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)

 at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)

 at com.aris.umc.authentication.kerberos.KerberosValidationAction.run(KerberosValidationAction.java:23)

 at com.aris.umc.authentication.kerberos.KerberosValidationAction.run(KerberosValidationAction.java:9)

 ... 42 more

Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC

 at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:273)

 at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)

 at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)

 at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:771)

 ... 50 more

 

Notes that SSO was working earlier with ARIS 7.2 configuration.

Any reply appriciated.

Regards,

Wihemdra

26k
0

Featured achievement

Rookie
Say hello to the ARIS Community! Personalize your community experience by following forums or tags, liking a post or uploading a profile picture.
Recent Unlocks

Leaderboard

|

View posts by tag

icon-arrow-down icon-arrow-cerulean-left icon-arrow-cerulean-right icon-arrow-down icon-arrow-left icon-arrow-right icon-arrow icon-back icon-close icon-comments icon-correct-answer icon-tick icon-download icon-facebook icon-flag icon-google-plus icon-hamburger icon-in icon-info icon-instagram icon-login-true icon-login icon-mail-notification icon-mail icon-mortarboard icon-newsletter icon-notification icon-pinterest icon-plus icon-rss icon-search icon-share icon-shield icon-snapchat icon-star icon-tutorials icon-twitter icon-universities icon-videos icon-views icon-whatsapp icon-xing icon-youtube icon-jobs icon-heart icon-heart2 aris-express bpm-glossary help-intro help-design Process_Mining_Icon help-publishing help-administration help-dashboarding help-archive help-risk icon-knowledge icon-question icon-events icon-message icon-more icon-pencil forum-icon icon-lock