Java Security

Kerberos sign-on PeopleCode not working (FUNCLIB_LDAP.LDAPAUTH.FieldDefault.KRB_AUTHENTICATION())

user10460082Aug 25 2015 — edited Nov 9 2015

Hello,

I am trying to enable Kerberos authentication in our PeopleSoft system (Tools 8.53.24) and am having trouble with the sign-on PeopleCode, specifically the KRB_AUTHENTICATION() function in FUNCLIB_LDAP.LDAPAUTH.FieldDefault(). I have set up everything according to the directions in PeopleBooks. The web server is accepting a valid Kerberos token, and is executing the correct PeopleCode. It's successfully retrieving the user name from the token, but when it instantiates the KerberosSSOValidator class and calls the validate() method, it's returning a string of "NULL" for the &validUserName variable, which makes it fail the subsequent IF evaluation. See below and note the red-highlighted code, which indicates where my problem is:

     If Len(&userName) > 0 Then
        &krbToken = Substring(&krbToken, 11, Len(&krbToken) + 1);
        &validator = GetJavaClass("com.peoplesoft.pt.desktopsso.kerberos.KerberosSSOValidator").getInstance();
        /* validate() returns the string "NULL" here */
        Local string &validUserName = &validator.validate(&krbToken);

        If &validUserName <> "NULL" And
              &princName = &validUserName Then
           SetAuthenticationResult( True, Upper(&userName), "", False);
           &authMethod = "KRB";
        End-If;
     End-If;

I added some statements to insert the values of the various variables that are in play in this block of code, and I can see that before calling &validator.validate(), &userName correctly holds the user ID that came through in the Kerberos token. I also confirmed that the call to instantiate KerberosSSOValidator is not returning a null object (if it were, the subsequent line would fail anyway). Yet validate() still returns a string of "NULL". Also, if I override the call to validate and hardcode &validUserName = "<my user name>", it successfully logs me (or anybody) in as my ID if they try and hit a PeopleSoft page.

Has anybody else experienced this error? Please respond with any information specific to this code, and not with Oracle's instructions on setting up Kerberos Authentication. I have thoroughly followed those steps.

This post has been answered by user10460082 on Nov 9 2015
Locked on Dec 7 2015
Added on Aug 25 2015