
Kerberos SSO - working in Windows but failed in unix


Hi all,

 

Let me explain my current situation.

We need to enable SSO Kerberos in Windows Server 2003 for LiveCycle with WebSphere.

 

In the development environment, the Application Server is installed on a Windows-based machine (Windows XP / Windows Server 2003), and we tested Kerberos successfully.

In the client's environment, the Application Server is installed on Unix; we tested Kerberos and it failed.

 

From what I observed,

 

In Windows environment, we can use any name with format HTTP/xxx with command ktpass e.g.

ktpass -princ HTTP/1.1.1.1@DOMAIN.COM -mapuser spnego

 

I put it in the Service User field and it will test successfully with Windows Environment.

(Of course, in actual configuration, I put HTTP/<lcesServerName>.domain.com)

 

In Unix environment, we have the exception "Server not found in kerberos database"

 

When I read the /etc/hosts file, I saw that <lcesServerName>.domain.com is mapped to 2 different IP addresses,

10.172.16.16 and 10.0.0.1, with precedence given to 10.172.16.16 <lcesServerName>.domain.com,

i.e. if I ping <lcesServerName>.domain.com it will ping the IP 10.172.16.16.

 

I thought that in Unix, after authenticating successfully, it tries to connect to the real LCES server, i.e. <lcesServerName>.domain.com,

and because internal Unix cannot connect to the external IP (10.172.16.16), it failed.

 

Then I tried to create another service user, sso.<lcesServerName>.domain.com, to map specifically to 10.0.0.1, and LiveCycle returned the error "No resolver supplied". The same thing happens if I map HTTP/10.0.0.1 to spnego.

The exception is (totally not related to LiveCycle):
================

10/16/09 16:29:17:816 CST] 0000015e ConfigAuthEdi A com.adobe.idp.um.ui.config.ConfigAuthEditAction testKerberosSettings_onClick TRAS0014I: The following exception was logged java.lang.IllegalArgumentException: No resolver supplied
at com.wedgetail.idm.sso.directory.ad.DefaultADConfig.<init>(DefaultADConfig.java:121)
at com.wedgetail.idm.sso.auth.FilterAuthContext.<init>(FilterAuthContext.java:260)
at com.wedgetail.idm.sso.AbstractAuthenticator.getAuthSession(AbstractAuthenticator.java:636)
at com.wedgetail.idm.sso.AbstractAuthenticator.initAuthenticator(AbstractAuthenticator.java:509)
at com.wedgetail.idm.sso.AuthFilter.init(AuthFilter.java:105)

=================

 

I'm sure that the Service User, Service Password, KDC Host and spnego user account are properly configured.

 

Does anyone have any idea why the Kerberos test fails in Unix? Is it because of Unix or the AD server?

 

Thank you,

Tuan Anh
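
A check for the hosts-file condition described in the post, as an added example that is not part of the original post: it lists each fully qualified name bound to more than one address, the address assumed to take precedence (first match in the file), and the HTTP/ principal that name corresponds to. The host name lces01.domain.com, the sample file and the function names are constructed for illustration.

```python
from collections import OrderedDict

# Constructed sample mirroring the post: "lces01" stands in for <lcesServerName>.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
10.172.16.16   lces01.domain.com lces01   # listed first
10.0.0.1       lces01.domain.com
10.0.0.5       kdc.domain.com
"""


def parse_hosts(text):
    """Map each lowercased host name to its addresses, in file order."""
    names = OrderedDict()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        addr, aliases = fields[0], fields[1:]
        for name in aliases:
            addrs = names.setdefault(name.lower(), [])
            if addr not in addrs:
                addrs.append(addr)
    return names


def spn_report(text, service="HTTP", realm="DOMAIN.COM"):
    """One row per fully qualified name: its SPN, the address assumed to
    win (first match in the file), and any later addresses it shadows."""
    rows = []
    for name, addrs in parse_hosts(text).items():
        if "." not in name:
            continue  # assumption: only fully qualified names are used in SPNs
        rows.append({
            "spn": f"{service}/{name}@{realm}",
            "effective": addrs[0],
            "shadowed": addrs[1:],
        })
    return rows


def ambiguous(text):
    """SPN rows whose host name is mapped to more than one address."""
    return [r for r in spn_report(text) if r["shadowed"]]


if __name__ == "__main__":
    for row in ambiguous(SAMPLE_HOSTS):
        print(f'{row["spn"]}: uses {row["effective"]}, also mapped to {row["shadowed"]}')
```

Run against the real /etc/hosts by passing its contents to `ambiguous()`; the principal printed for the server name is the one to compare with what was registered through ktpass.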

