2636840 - Secure Login Client SPNEGO Profile - "Supplied credentials not accepted by the server."

Symptom

Logging into the Secure Login Client SPNEGO profile results in the error:
"Supplied credentials not accepted by the server."
If the traces show the below errors, go to Resolution point 1

Secure Login Client trace:

"Got kerberos ticket for 'HTTP/<SPN>' with server key type 18 and session key type 18"
"Cli-00000003: Cannot perform client authentication: Have no certificate fitting to CA names received from server"

TSHW trace:

"Could not validate SPNEGO token. Reason: Checksum error.
No logon policy was applied"
If the TSHW trace show the below error, go to Resolution point 2
"Could not validate SPNEGO token.
[EXCEPTION]java.lang.Exception: Clock skew too great. Client time: <>"

"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."

Environment

SAP NetWeaver Application Server Java
SAP NetWeaver Application Server ABAP
ABAP Platform
SAP S/4HANA
SAP Single Sign-On 2.0
SAP Single Sign-On 3.0

Product

ABAP platform all versions ; SAP NetWeaver Application Server for Java all versions ; SAP NetWeaver all versions ; SAP S/4HANA all versions ; SAP Single Sign-On 2.0 ; SAP Single Sign-On 3.0

Keywords

SLC, SecureLoginDefaultPolicyConfigurationSPNEGO, SPNegoLoginModule, Secure Login Server, SLS, default, developer, AD, Active Directory, service user, account, clock, application server, failed , KBA , BC-IAM-SSO-SL , Secure Login , BC-JAS-SEC-LGN , Logon, SSO , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.