Hello!
Sorry for my English.
I’m trying to configure Single Sign On with Weblogic application server and Kerberos. But I’m still getting my login page… When I’m trying to access login page, in servername.out log file appears this log, without any errors (as I understand Additional pre-authentication required is a normal error):
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /oracle/product12/user_projects/domains/test/krb/test.keytab refreshKrb5Config is false principal is kinp@TEST.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false
KeyTab instance already exists
Added key: 23version: 19
Ordering keys wrt default_tkt_enctypes list
default etypes for default_tkt_enctypes: 23 3.
0: EncryptionKey: keyType=23 kvno=19 keyValue (hex dump)=
0000: C3 CB 19 1C 64 6E F9 7F 6A C9 31 FB EE 69 E7 35 …dn…j.1…i.5
principal’s key obtained from the keytab
Acquire TGT using AS Exchange
default etypes for default_tkt_enctypes: 23 3.
KrbAsReq calling createMessage
KrbAsReq in createMessage
KrbKdcReq send: kdc=192.168.0.100 UDP:88, timeout=30000, number of retries =3, #bytes=137
KDCCommunication: kdc=192.168.0.100 UDP:88, timeout=30000,Attempt =1, #bytes=137
KrbKdcReq send: #bytes read=181
KrbKdcReq send: #bytes read=181
KdcAccessibility: remove 192.168.0.100
KDCRep: init() encoding tag is 126 req type is 11
KRBError:
sTime is Tue Jan 20 10:46:05 EET 2015 1421743565000
suSec is 576578
error code is 25
error Message is Additional pre-authentication required
realm is TEST.ORG
sname is krbtgt/TEST.ORG
eData provided.
msgType is 30
Pre-Authentication Data:
PA-DATA type = 11
PA-ETYPE-INFO etype = 23
PA-ETYPE-INFO salt =
Pre-Authentication Data:
PA-DATA type = 19
PA-ETYPE-INFO2 etype = 23
PA-ETYPE-INFO2 salt = null
Pre-Authentication Data:
PA-DATA type = 2
PA-ENC-TIMESTAMP
Pre-Authentication Data:
PA-DATA type = 16
Pre-Authentication Data:
PA-DATA type = 15
AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
KrbAsReq salt is TEST.ORGdev
default etypes for default_tkt_enctypes: 23 3.
Pre-Authenticaton: find key for etype = 23
AS-REQ: Add PA_ENC_TIMESTAMP now
EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
KrbAsReq calling createMessage
KrbAsReq in createMessage
KrbKdcReq send: kdc=192.168.0.100 UDP:88, timeout=30000, number of retries =3, #bytes=220
KDCCommunication: kdc=192.168.0.100 UDP:88, timeout=30000,Attempt =1, #bytes=220
KrbKdcReq send: #bytes read=1408
KrbKdcReq send: #bytes read=1408
KdcAccessibility: remove 192.168.0.100
EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
KrbAsRep cons in KrbAsReq.getReply dev
principal is dev@TEST.ORG
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: C3 CB 19 1C 64 6E F9 7F 6A C9 31 FB EE 69 E7 35 …dn…j.1…i.5
Added server’s keyKerberos Principal dev@TEST.ORGKey Version 19key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: C3 CB 19 1C 64 6E F9 7F 6A C9 31 FB EE 69 E7 35 …dn…j.1…i.5
[Krb5LoginModule] added Krb5Principal dev@TEST.ORG to Subject
Commit Succeeded
Found key for dev@TEST.ORG(23)
Entered Krb5Context.acceptSecContext with state=STATE_NEW
How can I solve this problem? Or how can I correctly debug this problem, to understand where is a miss.
Thanks!