Symptom
- Windows Active Directory (AD) login is possible to Central Management Control and InfoView
- Single Sign On (SSO) shows error:
HTTP Status 500 - message com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosException: Could not decrypt service ticket with Key type 23, KVNO 16, Principal "HTTP/hoboxsql1.ho.discount@HO.DISCOUNT" using key: Principal: ServicePrincipalName.domain@domain Type: 1 TimeStamp: Thu Jan 01 02:00:00 GMT+02:00 1970 KVNO: -1 Key: [23, 99 c2 6e c2 65 26 ae 96 66 dd 8a 59 a d6 63 bc ] Exception for this key was: com.dstc.security.kerberos.CryptoException: Integrity check failure[Note: principal names are different; this may or may not be a problem] [Note: KVNO used wildcard match, not exact match; perhaps the password used to generate this key is not the most recent password?] )
description The server encountered an internal error (com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosException: Could not decrypt service ticket with Key type 23, KVNO 16, Principal "HTTP/hoboxsql1.ho.discount@HO.DISCOUNT" using key: Principal: ServicePrincipalName.domain@domain Type: 1 TimeStamp: Thu Jan 01 02:00:00 GMT+02:00 1970 KVNO: -1 Key: [23, 99 c2 6e c2 65 26 ae 96 66 dd 8a 59 a d6 63 bc ] Exception for this key was: com.dstc.security.kerberos.CryptoException: Integrity check failure[Note: principal names are different; this may or may not be a problem] [Note: KVNO used wildcard match, not exact match; perhaps the password used to generate this key is not the most recent password?] )) that prevented it from fulfilling this request.
Read more...
Product
Keywords
SSO, Vintela, Single Sign On, Active Directory, Tomcat, sign-on , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.