null credentials from Ticket Cache

Saravana Kumar Ananthakrishnan, ASDC Chennai saravanaa at hcltech.com
Tue Oct 11 07:18:31 EDT 2005 

Hi,

I am trying to configure SSO using Weblogic 8.1 SP4 for microsoft
clients. ADS and Weblogic 8.1 SP4 are running on Windows 2003 server. I
have followed the steps given in the document and ran the application.
Getting following exception from the server.

I have already added "allowtgtsessionkey" in the windows registry.

Any help is appreciated.

Thanks in advance,
Saravana

<Oct 11, 2005 6:18:55 PM GMT+08:00> <Info> <Socket> <BEA-000436>
<Allocating 3 r
eader threads.>
<Oct 11, 2005 6:18:55 PM GMT+08:00> <Info> <Socket> <BEA-000440>
<NativeIO Enabl
ed>
<Oct 11, 2005 6:18:55 PM GMT+08:00> <Notice> <WebLogicServer>
<BEA-000331> <Star
ted WebLogic Admin Server "myserver" for domain "uradomain" running in
Developme
nt Mode>
<Oct 11, 2005 6:18:55 PM GMT+08:00> <Notice> <WebLogicServer>
<BEA-000355> <Thre
ad "ListenThread.Default" listening on port 7001, ip address *.*>
<Oct 11, 2005 6:18:55 PM GMT+08:00> <Notice> <WebLogicServer>
<BEA-000360> <Serv
er started in RUNNING mode>
<Oct 11, 2005 6:18:55 PM GMT+08:00> <Info> <Management> <BEA-140009>
<Configurat
ion changes for the domain have been saved to the repository.>
<Oct 11, 2005 6:18:56 PM GMT+08:00> <Info> <Configuration Management>
<BEA-15000
7> <The booted configuration .\config.xml has been backed up at
D:\SivaKumarD\ur
adomain\.\config.xml.booted.>
<Oct 11, 2005 6:30:21 PM GMT+08:00> <Info> <WebLogicServer> <BEA-000213>
<Adding
 address: 172.16.10.57 to licensed client list>
<Oct 11, 2005 6:30:32 PM GMT+08:00> <Debug> <SecurityDebug> <000000>
<PrincipalA
uthenticator.assertIdentity - Token Type: Authorization>
<Oct 11, 2005 6:30:32 PM GMT+08:00> <Debug> <SecurityDebug> <000000>
<Found Nego
tiate with SPNEGO token>
Debug is  true storeKey true useTicketCache true useKeyTab true
doNotPrompt fals
e ticketCache is null KeyTab is mykeytab refreshKrb5Config is false
principal is
 hcl-picmsvpcprk at WEBLOGIC.HCL.COM tryFirstPass is false useFirstPass is
false st
orePass is false clearPass is false
>>>KinitOptions cache name is C:\Documents and
Settings\Administrator.HCL-PICMSV
PCPRK\krb5cc_administrator
Principal is hcl-picmsvpcprk at WEBLOGIC.HCL.COM
null credentials from Ticket Cache
>>> KeyTab: load() entry length: 58
>>> KeyTabInputStream, readName(): WEBLOGIC.HCL.com
>>> KeyTabInputStream, readName(): hcl-picmsvpcprk
>>> KeyTab: load() entry length: 58
>>> KeyTabInputStream, readName(): WEBLOGIC.HCL.com
>>> KeyTabInputStream, readName(): hcl-picmsvpcprk
>>> KeyTab: load() entry length: 74
>>> KeyTabInputStream, readName(): WEBLOGIC.HCL.com
>>> KeyTabInputStream, readName(): hcl-picmsvpcprk
>>> KeyTab: load() entry length: 58
>>> KeyTabInputStream, readName(): WEBLOGIC.HCL.COM
>>> KeyTabInputStream, readName(): weblogicservice
>>> KeyTab: load() entry length: 58
>>> KeyTabInputStream, readName(): WEBLOGIC.HCL.COM
>>> KeyTabInputStream, readName(): weblogicservice
>>> KeyTab: load() entry length: 74
>>> KeyTabInputStream, readName(): WEBLOGIC.HCL.COM
>>> KeyTabInputStream, readName(): weblogicservice
principal's key obtained from the keytab
principal is hcl-picmsvpcprk at WEBLOGIC.HCL.COM
                [Krb5LoginModule] authentication failed
KDC has no support for encryption type (14)
<Oct 11, 2005 6:30:32 PM GMT+08:00> <Debug> <SecurityDebug> <000000>
<GSS except
ion GSSException: No valid credentials provided (Mechanism level:
Attempt to obt
ain new ACCEPT credentials failed!)
GSSException: No valid credentials provided (Mechanism level: Attempt to
obtain
new ACCEPT credentials failed!)
        at
sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5Acc
eptCredential.java:189)
        at
sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCre
dential.java:80)
        at
sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechF
actory.java:75)
        at
sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.
java:149)
        at
sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
        at
sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)

        at
sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java
:102)
        at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:277)
        at
sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java
:246)
        at
weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SP
NEGONegotiateToken.java:371)
        at
weblogic.security.providers.authentication.SinglePassNegotiateIdentit
yAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserter
Provider
Impl.java:201)
        at
weblogic.security.service.PrincipalAuthenticator.assertIdentity(Princ
ipalAuthenticator.java:553)
        at
weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(C
ertSecurityModule.java:104)
        at
weblogic.servlet.security.internal.SecurityModule.beginCheck(Security
Module.java:199)
        at
weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecu
rityModule.java:86)
        at
weblogic.servlet.security.internal.ServletSecurityManager.checkAccess
(ServletSecurityManager.java:145)
        at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppSe
rvletContext.java:3685)
        at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestIm
pl.java:2644)
        at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
        at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
Caused by: javax.security.auth.login.LoginException: KDC has no support
for encr
yption type (14)
        at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Kr
b5LoginModule.java:585)
        at
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.ja
va:475)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
        at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:1
29)
        at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
        at java.security.AccessController.doPrivileged(Native Method)
        at
javax.security.auth.login.LoginContext.invokeModule(LoginContext.java
:607)
        at
javax.security.auth.login.LoginContext.login(LoginContext.java:534)
        at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
        at java.security.AccessController.doPrivileged(Native Method)
        at
sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5Acc
eptCredential.java:186)
        ... 19 more
Caused by: KrbException: KDC has no support for encryption type (14)
        at sun.security.krb5.internal.crypto.p.a(DashoA6275:63)
        at sun.security.krb5.EncryptedData.<init>(DashoA6275:89)
        at sun.security.krb5.KrbAsReq.a(DashoA6275:234)
        at sun.security.krb5.KrbAsReq.<init>(DashoA6275:156)
        at sun.security.krb5.KrbAsReq.<init>(DashoA6275:73)
        at sun.security.krb5.Credentials.acquireTGT(DashoA6275:347)
        at
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Kr
b5LoginModule.java:576)
        ... 33 more
>
<Oct 11, 2005 6:30:32 PM GMT+08:00> <Debug> <SecurityDebug> <000000>
<Exception
weblogic.security.providers.utils.NegotiateTokenException: GSSException:
No vali
d credentials provided (Mechanism level: Attempt to obtain new ACCEPT
credential
s failed!)
weblogic.security.providers.utils.NegotiateTokenException: GSSException:
No vali
d credentials provided (Mechanism level: Attempt to obtain new ACCEPT
credential
s failed!)
        at
weblogic.security.providers.utils.SPNEGONegotiateToken.getUsername(SP
NEGONegotiateToken.java:419)
        at
weblogic.security.providers.authentication.SinglePassNegotiateIdentit
yAsserterProviderImpl.assertIdentity(SinglePassNegotiateIdentityAsserter
Provider
Impl.java:201)
        at
weblogic.security.service.PrincipalAuthenticator.assertIdentity(Princ
ipalAuthenticator.java:553)
        at
weblogic.servlet.security.internal.CertSecurityModule.checkUserPerm(C
ertSecurityModule.java:104)
        at
weblogic.servlet.security.internal.SecurityModule.beginCheck(Security
Module.java:199)
        at
weblogic.servlet.security.internal.CertSecurityModule.checkA(CertSecu
rityModule.java:86)
        at
weblogic.servlet.security.internal.ServletSecurityManager.checkAccess
(ServletSecurityManager.java:145)
        at
weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppSe
rvletContext.java:3685)
        at
weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestIm
pl.java:2644)
        at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219)
        at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
>
<Oct 11, 2005 6:30:32 PM GMT+08:00> <Debug> <SecurityDebug> <000000>
<PrincipalA
uthenticator.assertIdentity - IdentityAssertionException>

More information about the Kerberos mailing list