Hi:
I'm trying to set up/configure SSO between WebLogic 10g and Microsoft AD/Clients as described in the WebLogic documentation: http://download.oracle.com/docs/cd/E12840_01/wls/docs103/secmanage/sso.html#wp1101370
I have a Windows 2003 Server Domain Controller (with AD) and a VM with Windows 2003 Server with WebLogic 10g. The domain is called SSODEMO.MYDOMAIN.LOCAL and the machine is called oracledev7. The VM is called ssoweblogic and is registered as a machine in the domain. Each machine can access the other.
I followed the steps provided in the mentioned document until step 7, where I got stuck with the following error:
kinit -k -t weblogic.keytab weblogicuser@SSODEMO.MYDOMAIN.LOCAL
Exception: krb_error 24 Pre-authentication information was invalid
(24) Pre-authentication information was invalid
KrbException: Pre-authentication information was invalid (24)
    at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
    at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:449)
    at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:306)
    at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:257)
    at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:107)
Caused by: KrbException: Identifier doesn't match expected value (906)
    at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
    at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
    at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
    at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
    ... 4 more
--------------------------------------------------------------
This is my SSO setup
===================================================
On AD Server
Created a user called: weblogicuser and set "Use DES encryption types for this account" option
setspn -a host/ssoweblogic ssoweblogic
setspn -a host/ssoweblogic.ssodemo.mydomain.local ssoweblogic
setspn -a HTTP/ssoweblogic weblogicuser
setspn -a HTTP/ssoweblogic.ssodemo.mydomain.local weblogicuser
setspn -l ssoweblogic
Registered ServicePrincipalNames for CN=SSOWEBLOGIC,CN=Computers,DC=ssodemo,DC=mydomain,DC=local:
HOST/SSOWEBLOGIC
HOST/ssoweblogic.ssodemo.mydomain.local
setspn -l weblogicuser
Output: Registered ServicePrincipalNames for CN=Weblogic User,CN=Users,DC=ssodemo,DC=mydomain,DC=local:
HTTP/ssoweblogic.ssodemo.mydomain.local
HTTP/ssoweblogic
ktpass -princ HOST/ssoweblogic@SSODEMO.MYDOMAIN.LOCAL -pass cw123-x -mapuser weblogicuser@SSODEMO.MYDOMAIN.LOCAL -ptype KRB5_NT_PRINCIPAL -out weblogic.keytab
===================================================
On WebLogic Server
ktab -k weblogic.keytab -a weblogicuser@SSODEMO.MYDOMAIN.LOCAL
Password: ************
kinit -k -t C:\bea\user_projects\domains\sso_domain\weblogic.keytab weblogicuser@SSODEMO.CRIMSONWING.LOCAL
--------------------------------------------------------------
Any help would be appreciated,
Albert