SAP Knowledge Base Article - Preview

1548417 - XI 4.0 Java AD SSO failing (FWM 00006)

Symptom

Account Information Not Recognized: Active Directory Authentication failed to log you on. Please contact your system administrator to make sure you are a member of a valid mapped group and try again. If you are not a member of the default domain, enter your user name as UserName@DNS_DomainName, and then try again. (FWM 00006)

  • Wireshark traces from a client never show a HTTP 401 after the GET call to HTTP GET /BOE/portal/101202/InfoView/logon/logonService.do?bttoken=none HTTP/1.1
  • The Wireshark traces show an AS-REQ but in the KDC-REQ-BODY the Client Name (Principal): is blank.
  • The next kerberos packet in the traces show KRB5 KRB Error: KRB5KRB_ERR_GENERIC with an error_code: KRB5KRB_ERR_GENERIC (60)
  • With the djcsi trace set in the Tomcat 6 java options we never saw ** credentials obtained .. ** in the stdout.log when tomcat started up however there were no errors thrown. If the Vintela filter is working we should see at least one instance of this soon after the line Message sent sucessfully to KDC.
  • After a failed SSO attempt, in stdout.log we saw [Krb5LoginModule] user entered username: @DOMAIN.COM and Generic error (description in e-text) (60)
  • Wireshark traces from Tomcat starting showed KRB5 KRB Error: KRB5KDC_ERR_C_PRINCIPAL_UNKNOWN after an AS-REQ for the value we entered into the idm.princ.
  • We also saw the KRB5KRB_ERR_GENERIC (60) in a case where the configuration options for vintela were correct but a compatibility problem with the web/app prevented the successful loading of vintela in more in KBA 1742096 This symptom could come back on other web/apps in the future so noting here.


Read more...

Environment

SAP BusinessObjects Business Intelligence 

Product

SAP BusinessObjects Business Intelligence platform 4.0 ; SAP BusinessObjects Business Intelligence platform 4.0, feature pack 3

Keywords

KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.