Monday, March 22, 2010

SSO server (with WNA) fails to start with Kerberos errors

When you see this in the log:

10/03/22 12:06:22 Acquire TGT using AS Exchange
10/03/22 12:06:22 KerberosAuthenticator: GSSException raised in constructor - No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
10/03/22 12:06:22 GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
10/03/22 12:06:22 at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)
[snip!]
10/03/22 12:06:22 ... 22 more
10/03/22 12:06:22 KerberosAuthenticator: Please check the error messages and fix it. Restart OC4J (OC4J_SECURITY instance) server
10/03/22 12:06:22 KerberosAuthenticator: Possible errors may be:
10/03/22 12:06:22 KerberosAuthenticator: 1.HTTP service name in $ORACLE_HOME/j2ee/OC4J_SECURITY/config/jazn-data.xml or $ORACLE_HOME/j2ee/OC4J_SECURITY/application-deployments/sso/orion-application.xml is wrong.
10/03/22 12:06:22 KerberosAuthenticator: 2.KDC Details (host/port) in $ORACLE_HOME/opmn/conf/opmn.xml are wrong.
10/03/22 12:06:22 KerberosAuthenticator: 3.KDC is down.
10/03/22 12:06:22 KerberosAuthenticator: 4.KDC Details in the keytab file are wrong or the keytab file path has been incorrectly specified.


then try adding the following option to $ORACLE_HOME/j2ee/OC4J_SECURITY/config/jazn-data.xml, inside the <login-module> section for this class:

<class>com.sun.security.auth.module.Krb5LoginModule</class>

<option>
<name>isInitiator</name>
<value>false</value>
</option>

Then, restart the OC4J_SECURITY process.
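To see what the isInitiator=false option actually changes, here is the same Krb5LoginModule configuration driven from a stand-alone JGSS acceptor check. This is an added example, not code from the post or from Oracle's SSO server; it assumes a current JDK, and the service principal and keytab path are placeholders.

```java
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.*;
import org.ietf.jgss.*;

public class AcceptorCredentialCheck {
    // Placeholders: replace with the SSO server's own HTTP service principal and keytab.
    static final String SERVICE_PRINCIPAL = "HTTP/sso.example.com@EXAMPLE.COM";
    static final String KEYTAB_PATH = "/path/to/sso.keytab";
    // The Krb5LoginModule options from the jazn-data.xml fix, as a JAAS Configuration usable outside OC4J.
    static Configuration acceptorConfig() {
        final Map<String, String> opts = new HashMap<String, String>();
        opts.put("isInitiator", "false"); // no AS exchange for a TGT: this side only accepts tokens
        opts.put("useKeyTab", "true");    // read the long-term service key from the keytab ...
        opts.put("storeKey", "true");     // ... and keep it in the Subject so service tickets can be decrypted
        opts.put("doNotPrompt", "true");  // a server must never fall back to a password prompt
        opts.put("principal", SERVICE_PRINCIPAL);
        opts.put("keyTab", KEYTAB_PATH);
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts) };
            }
            public void refresh() {}
        };
    }

    // Logs in with the keytab and asks JGSS for ACCEPT_ONLY credentials: the step that
    // fails in the log above with "Attempt to obtain new ACCEPT credentials failed".
    static GSSCredential acquireAcceptorCredential() throws Exception {
        LoginContext lc = new LoginContext("SSOAcceptor", null, null, acceptorConfig());
        lc.login();
        return Subject.doAs(lc.getSubject(), new PrivilegedExceptionAction<GSSCredential>() {
            public GSSCredential run() throws GSSException {
                GSSManager mgr = GSSManager.getInstance();
                Oid krb5 = new Oid("1.2.840.113554.1.2.2"); // Kerberos v5 mechanism OID
                GSSName name = mgr.createName(SERVICE_PRINCIPAL, GSSName.NT_USER_NAME, krb5);
                return mgr.createCredential(name, GSSCredential.INDEFINITE_LIFETIME, krb5,
                        GSSCredential.ACCEPT_ONLY);
            }
        });
    }
    public static void main(String[] args) throws Exception {
        GSSCredential cred = acquireAcceptorCredential();
        System.out.println("Acceptor credential OK for " + cred.getName());
        cred.dispose();
    }
}
```

If this check succeeds on the SSO host but the server still logs the GSSException, the remaining suspects are the ones the log itself lists: the service name in jazn-data.xml or orion-application.xml, the KDC settings in opmn.xml, or the keytab path.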

In spite of everything noted in the note, it works with:

Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2.07-050121-15:53)
Java HotSpot(TM) Server VM (build 1.4.2 1.4.2.07-050121-21:06-IA64N IA64, mixed mode)
running on:
HP-UX [myhost] B.11.23 U ia64 4294967040 unlimited-user license

3 comments:

Robacle said...

Frank,

which logfile do I check for this?

Frank said...

@Robacle: It's the ssoServer.log, and you should be logging in DEBUG mode.

Robacle said...

Great, thanks! Have to debug an OID/WNA installation tomorrow!