Symptom
- Logging into the Secure Login Client SPNEGO profile results in the error:
"Supplied credentials not accepted by the server." - If the traces show the below errors, go to Resolution point 1
Secure Login Client trace:
-
"Got kerberos ticket for 'HTTP/<SPN>' with server key type 18 and session key type 18"
"Cli-00000003: Cannot perform client authentication: Have no certificate fitting to CA names received from server"
TSHW trace:
-
"Could not validate SPNEGO token. Reason: Checksum error.
No logon policy was applied" - If the TSHW trace show the below error, go to Resolution point 2
-
"Could not validate SPNEGO token.
[EXCEPTION]java.lang.Exception: Clock skew too great. Client time: <>"
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
Read more...
Environment
-
SAP NetWeaver Application Server Java
-
SAP NetWeaver Application Server ABAP
-
ABAP Platform
-
SAP S/4HANA
-
SAP Single Sign-On 2.0
-
SAP Single Sign-On 3.0
Product
Keywords
SLC, SecureLoginDefaultPolicyConfigurationSPNEGO, SPNegoLoginModule, Secure Login Server, SLS, default, developer, AD, Active Directory, service user, account, clock, application server, failed , KBA , BC-IAM-SSO-SL , Secure Login , BC-JAS-SEC-LGN , Logon, SSO , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.