Hi everyone,

Anyone facing problem with implementing Single Sign On with following error :

2015-10-08 16:29:44,768 - WARN : Validation of Kerberos ticket failed: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

2015-10-08 16:29:44,768 - WARN : java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

 at java.security.AccessController.doPrivileged(Native Method)

 at javax.security.auth.Subject.doAs(Subject.java:415)

 at com.aris.umc.authentication.kerberos.KerberosTicketValidator.getUsernameFromTicket(KerberosTicketValidator.java:57)

 at com.aris.umc.authentication.AuthenticationService.loginKerberos(AuthenticationService.java:473)

 at com.aris.umc.authentication.AuthenticationService$$EnhancerByGuice$$1476bc65.CGLIB$loginKerberos$42(<generated>)

 at com.aris.umc.authentication.AuthenticationService$$EnhancerByGuice$$1476bc65$$FastClassByGuice$$c2708af4.invoke(<generated>)

 at com.google.inject.internal.cglib.proxy.$MethodProxy.invokeSuper(MethodProxy.java:228)

 at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:72)

 at com.aris.umc.aop.ExceptionInterceptor.invoke(ExceptionInterceptor.java:29)

 at com.google.inject.internal.InterceptorStackCallback$InterceptedMethodInvocation.proceed(InterceptorStackCallback.java:72)

 at com.google.inject.internal.InterceptorStackCallback.intercept(InterceptorStackCallback.java:52)

 at com.aris.umc.authentication.AuthenticationService$$EnhancerByGuice$$1476bc65.loginKerberos(<generated>)

 at com.aris.umc.authentication.AuthenticationServiceFC.loginKerberos(AuthenticationServiceFC.java:67)

 at com.idsscheer.aris.umc.security.servlet.filter.AbstractAuthenticationFilter.loginAndSetContextKerberos(AbstractAuthenticationFilter.java:189)

 at com.idsscheer.aris.umc.security.servlet.filter.UmcAuthKerberosFilter.doFilterInternal(UmcAuthKerberosFilter.java:87)

 at com.idsscheer.aris.umc.security.servlet.filter.AbstractAuthenticationFilter.doFilter(AbstractAuthenticationFilter.java:91)

 at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163)

 at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)

 at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168)

 at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)

 at com.softwareag.copernicus.web.servletFilter.CompressionFilter.applyGzipWrapper(CompressionFilter.java:137)

 at com.softwareag.copernicus.web.servletFilter.CompressionFilter.doFilter(CompressionFilter.java:80)

 at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163)

 at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58)

 at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118)

 at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113)

 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)

 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)

 at org.apache.tomee.catalina.OpenEJBValve.invoke(OpenEJBValve.java:45)

 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)

 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)

 at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:680)

 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)

 at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200)

 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)

 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)

 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)

 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)

 at java.lang.Thread.run(Thread.java:745)

Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)

 at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:788)

 at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)

 at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)

 at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:875)

 at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:548)

 at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)

 at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)

 at com.aris.umc.authentication.kerberos.KerberosValidationAction.run(KerberosValidationAction.java:23)

 at com.aris.umc.authentication.kerberos.KerberosValidationAction.run(KerberosValidationAction.java:9)

 ... 42 more

Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC

 at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:273)

 at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)

 at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)

 at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:771)

 ... 50 more

 

Notes that SSO was working earlier with ARIS 7.2 configuration.

Any reply appriciated.

Regards,

Wihemdra

 or register to reply.

Notify Moderator