SPNEGO in IdP 3.2

Daniel Lutz daniel.lutz at switch.ch
Fri Nov 20 08:44:43 EST 2015


Chris Franks wrote on 20.11.15 at 10:40:
> Sorry about this, after trying Java7, it looks like it’s a versioning
> problem:

Yes, it seems that the key available in the keytab on the IdP
doesn't match the key that was used to encrypt the service
ticket in the client's request.

Could it be that the IdP service user's password changed on the KDC?

Do you use the same keytab on the test IdP as on the V2 IdP?
(In this case, I would expect that it works, actually, but
I'm not sure.)

I think that re-generating the IdP's keytab on the KDC and
storing it on the IdP should solve the problem.

I would be very interested in your findings.
Currently, the documentation about the SPNEGO login flow
doesn't contain a section about troubleshooting. I will
add this soon.

BTW, the reason that Java 8 gives a different error message than
Java 7 is that Java 8 actually doesn't check for the key's version
(for some compatibility reasons). The main problem should be
the same.

-- Daniel
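
An added example, not part of the message above or of the Shibboleth IdP code: a small parser that lists the principal, key version (kvno) and encryption type of each entry in a keytab, so they can be compared with what the KDC reports for the IdP's service principal. It assumes the MIT keytab file format 0x0502; the principal name, kvno values and all-zero key are constructed sample data, and `build_entry` and `find_key` are hypothetical helper names.

```python
import struct

def _entry(buf):
    """Decode one entry body into (principal, kvno, enctype); key bytes are skipped."""
    off = 0
    def take(fmt):
        nonlocal off
        (val,) = struct.unpack_from(fmt, buf, off)
        off += struct.calcsize(fmt)
        return val
    def counted():
        nonlocal off
        n = take(">H")
        off += n
        return buf[off - n:off]
    ncomp = take(">H")
    realm = counted().decode()
    name = "/".join(counted().decode() for _ in range(ncomp))
    take(">I"); take(">I")               # name type, timestamp
    kvno, enctype = take(">B"), take(">H")
    counted()                            # key material, not returned
    if len(buf) - off >= 4:              # optional 32-bit kvno overrides the 8-bit one
        kvno = take(">I") or kvno
    return (f"{name}@{realm}", kvno, enctype)

def parse_keytab(data):
    """List (principal, kvno, enctype) for an MIT keytab, file format 0x0502."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size > 0:
            entries.append(_entry(data[pos:pos + size]))
        pos += abs(size)                 # negative size marks a deleted entry (hole)
    return entries

def find_key(entries, principal, kvno, enctype):
    return (principal, kvno, enctype) in entries   # exact match on all three fields

def build_entry(realm, comps, kvno, enctype, key):  # only builds the constructed sample
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + cs(realm.encode()) + b"".join(cs(c.encode()) for c in comps)
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + cs(key) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed sample: hypothetical principal, all-zero key, kvno 3, enctype 18 (AES256).
SAMPLE = b"\x05\x02" + build_entry("EXAMPLE.ORG", ["HTTP", "idp.example.org"], 3, 18, bytes(32))
```

If the KDC reports a different kvno for the service principal than any entry listed here, the keytab predates the last key change and has to be regenerated.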


