Hi ,
I am trying to enable desktop SSO between PeopleSoft apps deployed on webLogic using Kerberos.
Here Apche webserver (2.2.X) is used as reverse proxy with WebLogic.
1. I have completed the Apache server configuration krb5.conf as well as httpd.conf to get tickets from KDC. Al kinit,klist utilities are working fine as expected .
2. Active Directory configuration is also completed
3. I am using IE version 8 on Windows 7 as client, here also I have made the required changes like (Enable Integrated windows auth, Adding apche server to intranet site ) to enable it for Kerberos Authentication
4. After logging on to the desktop,I can see the list of tickets for that user using klist .
Testing .
1. whenever I try to access a cgi page deployed on Apache webserver, I am getting the following output in browser:
,
Authorization Required
This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.
2. In the apche error_log,I can see the following error message :
Sun Jan 15 22:18:34 2012] [debug] src/mod_auth_kerb.c(1628): [client 10.39.17.154] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Sun Jan 15 22:18:34 2012] [debug] src/mod_auth_kerb.c(1628): [client 10.39.17.154] kerb_authenticate_user entered with user (NULL) and auth_type Kerberos
[Sun Jan 15 22:18:34 2012] [debug] src/mod_auth_kerb.c(1240): [client 10.39.17.154] Acquiring creds for HTTP/ca1vmprdpsoft1.kla-tencor.com@ADCORP.KLA-TENCOR.COM
[Sun Jan 15 22:18:34 2012] [debug] src/mod_auth_kerb.c(1385): [client 10.39.17.154] Verifying client data using KRB5 GSS-API
[Sun Jan 15 22:18:34 2012] [debug] src/mod_auth_kerb.c(1401): [client 10.39.17.154] Client didn't delegate us their credential
[Sun Jan 15 22:18:34 2012] [debug] src/mod_auth_kerb.c(1429): [client 10.39.17.154] Warning: received token seems to be NTLM, which isn't supported by the Kerberos module. Check your IE configuration.
[Sun Jan 15 22:18:34 2012] [debug] src/mod_auth_kerb.c(1101): [client 10.39.17.154] GSS-API major_status:00090000, minor_status:00000000
[Sun Jan 15 22:18:34 2012] [error] [client 10.39.17.154] gss_accept_sec_context() failed: Invalid token was supplied (, No error)
Need help :
Why the Browser is sending NTLM token when I have configured it to send kerberos ticket .
Not sure why am I getting this error.
Any help to resolve this issue would be highly appreciated.
Note : I have created the keytab file with DES encryption where as the logged in user is having RC4 encryption ticket issued to it by KDC. Is that a problem???
Thanks & regards,
Soumya
Log in to post a comment.
