https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305748#M1726741 <HTML><HEAD></HEAD><BODY><P>Thanks, I know this notes and support of microsoft.</P><P></P><P>I have enable the DES encryption in all amchines with Windows 7... What could be the problem?</P><P></P><P>Yesterday worked fine (with the legacy activated), and today there are two person that it doesn´t work... why?</P><P></P><P>Thanks in advance,</P><P>Regards,</P></BODY></HTML> Thu, 07 Feb 2013 10:23:50 GMT Former Member 2013-02-07T10:23:50Z https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305743#M1726736 <HTML><HEAD></HEAD><BODY><P>Hi experts,</P><P></P><P>I patched my Java system that I had configured SSO with spnego. In the pdf instructions in spnego appear that, before path the system I have to undeploy the component spnego, but... I did not do it; and now it does not work the SSO.</P><P></P><P>Can anyone help me? I try to undeploy and deploy again but I continue with the same problem.</P><P></P><P>I check with the diagtool and appear:</P><P>Unsupported callback. </P><P>[EXCEPTION]</P><P> javax.security.auth.callback.UnsupportedCallbackException: Unrecognized Callback</P><P>at com.sun.security.auth.callback.TextCallbackHandler.handle(TextCallbackHandler.java:118)</P><P>at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:812)</P><P>at java.security.AccessController.doPrivileged(Native Method)</P><P>at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:808)</P><P>at com.sap.engine.services.security.login.FastLoginContext.notifyAuthState(FastLoginContext.java:537)</P><P>at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:247)</P><P>at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)</P><P>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)</P><P>at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)</P><P>at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)</P><P>at java.lang.reflect.Method.invoke(Method.java:331)</P><P>at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)</P><P>at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)</P><P>at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)</P><P>at java.security.AccessController.doPrivileged(Native Method)</P><P>at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)</P><P>at javax.security.auth.login.LoginContext.login(LoginContext.java:534)</P><P>at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)</P><P>at java.security.AccessController.doPrivileged(Native Method)</P><P>at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)</P><P>at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)</P><P>at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)</P><P>at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)</P><P>at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)</P><P>at sun.security.jgss.GSSCredentialImpl.&lt;init&gt;(GSSCredentialImpl.java:44)</P><P>at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)</P><P>at com.sap.security.core.server.jaas.spnego.legacy.util.ConfigurationHelper.acquireCredentialsInCurrentThread(ConfigurationHelper.java:207)</P><P>at com.sap.security.core.server.jaas.spnego.legacy.util.ConfigurationHelper.access$000(ConfigurationHelper.java:30)</P><P>at com.sap.security.core.server.jaas.spnego.legacy.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:302)</P><P></P><P></P><P>No authenticated user found. </P><P>16:53:12:554 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_20 ~inmodule.ticket.CreateTicketLoginModule Exiting method with false </P><P>16:53:12:555 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_20 ~engine.services.security.authentication Exception : Cannot authenticate the user.</P><P>java.lang.Exception</P><P>at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1175)</P><P>at com.sap.exception.BaseExceptionInfo.&lt;init&gt;(BaseExceptionInfo.java:263)</P><P>at com.sap.engine.services.security.exceptions.BaseLoginException.&lt;init&gt;(BaseLoginException.java:163)</P><P>at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:178)</P><P>at java.security.AccessController.doPrivileged(Native Method)</P><P>at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:187)</P><P>at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)</P><P>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)</P><P>at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)</P><P>at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)</P><P>at java.lang.reflect.Method.invoke(Method.java:331)</P><P>at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)</P><P>at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)</P><P>at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)</P><P>at java.security.AccessController.doPrivileged(Native Method)</P><P>at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)</P><P>at javax.security.auth.login.LoginContext.login(LoginContext.java:534)</P><P>at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:206)</P><P>at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:303)</P><P>at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)</P><P>at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java </P><P></P><P></P><P>getLoggedInUser(request, response) </P><P>[EXCEPTION]</P><P> com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user.</P><P>at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:178)</P><P>at java.security.AccessController.doPrivileged(Native Method)</P><P>at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:187)</P><P>at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)</P><P>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)</P><P>at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)</P><P>at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)</P><P>at java.lang.reflect.Method.invoke(Method.java:331)</P><P>at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)</P><P>at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)</P><P>at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)</P><P>at java.security.AccessController.doPrivileged(Native Method)</P><P>at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)</P><P>at javax.security.auth.login.LoginContext.login(LoginContext.java:534)</P><P>at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:206)</P><P>at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:303)</P><P>at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)</P><P>at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:181)</P><P></P><P></P><P></P><P>If I active com.sap.security.spnego.legacy = true it works during one day...</P><P></P><P>Any idea?</P><P></P><P>Thanks in advance,</P><P>Regards,</P></BODY></HTML> Mon, 04 Feb 2013 16:18:56 GMT https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305743#M1726736 Former Member 2013-02-04T16:18:56Z https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305744#M1726737 <HTML><HEAD></HEAD><BODY><P>Share the excact versions of your portal prior to patching and after the patching. Also send the traces as attachments, not embedded in the message.</P></BODY></HTML> Mon, 04 Feb 2013 19:11:29 GMT https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305744#M1726737 Former Member 2013-02-04T19:11:29Z https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305745#M1726738 <HTML><HEAD></HEAD><BODY><P>From <SPAN style="font-family: 'Calibri','sans-serif'; font-size: 11pt;">SPS07 to SPS12.</SPAN></P><P></P><P><SPAN style="font-family: 'Calibri','sans-serif'; font-size: 11pt;">After the patch, It does not work the spnego.</SPAN></P><P></P><P><SPAN style="font-family: 'Calibri','sans-serif'; font-size: 11pt;">Regards,</SPAN></P></BODY></HTML> Tue, 05 Feb 2013 12:33:42 GMT https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305745#M1726738 Former Member 2013-02-05T12:33:42Z https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305746#M1726739 <HTML><HEAD></HEAD><BODY><P>I attach the logs of diagtools --&gt; <A href="https://www.dropbox.com/s/ujfckx52trc749k/diagtool_130206_112136.zip" title="https://www.dropbox.com/s/ujfckx52trc749k/diagtool_130206_112136.zip">https://www.dropbox.com/s/ujfckx52trc749k/diagtool_130206_112136.zip</A></P><P></P><P>Thanks in advance,</P><P>Regards,</P></BODY></HTML> Wed, 06 Feb 2013 10:53:43 GMT https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305746#M1726739 Former Member 2013-02-06T10:53:43Z https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305747#M1726740 <HTML><HEAD></HEAD><BODY><P>From the traces you have provided:</P><P></P><P><EM>No supported mechanism found. Supported mechanisms are Kerberos V5 and Kerberos V5 Legacy</EM></P><P></P><P>and </P><P></P><P><EM>No supported mechanism found</EM></P><P></P><P>The patching has introduced the new SPNEGO implementation, it is included in SP08 of NW701. In the new implementation DES encryption is used by default. It has to be supported by both the client (SPNEGO) and the server (AD). If you are unable to use DES and since AES is not supported in SPNEGO, you will have to reconfigure your encyption keys so that RC4-HMAC will be used. See chapter 8. of the document in SAP note 1488409 on how to proceed. I would strongly advice on enabling DES however. See the attached links for more details.</P><P></P><P><A href="https://service.sap.com/sap/support/notes/1488409">https://service.sap.com/sap/support/notes/1488409</A></P><P><A href="https://service.sap.com/sap/support/notes/1396724">https://service.sap.com/sap/support/notes/1396724</A></P><P><A href="http://support.microsoft.com/kb/977321" title="http://support.microsoft.com/kb/977321">http://support.microsoft.com/kb/977321</A></P></BODY></HTML> Wed, 06 Feb 2013 17:47:12 GMT https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305747#M1726740 Former Member 2013-02-06T17:47:12Z https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305748#M1726741 <HTML><HEAD></HEAD><BODY><P>Thanks, I know this notes and support of microsoft.</P><P></P><P>I have enable the DES encryption in all amchines with Windows 7... What could be the problem?</P><P></P><P>Yesterday worked fine (with the legacy activated), and today there are two person that it doesn´t work... why?</P><P></P><P>Thanks in advance,</P><P>Regards,</P></BODY></HTML> Thu, 07 Feb 2013 10:23:50 GMT https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305748#M1726741 Former Member 2013-02-07T10:23:50Z https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305749#M1726742 <HTML><HEAD></HEAD><BODY><P>Do these two persons use different OSs or browsers then the users for which it works? Did it work for these two persons before? More than two days ago?</P><P></P><P>About the Legacy option. The SAP documentation says that the Legacy option should be used only temporary, it is not a permanent solution. I would make SSO work without it. There shouldn't be any issues having a fully DES based SSO in place with the new SPNEGO and recent OSs both on the portal server and on the clients accessing the portal server.</P><P></P><P>Apart from reconfiguring the encryption keys, I'm out of ideas. You might have missed something in the configuration.</P></BODY></HTML> Thu, 07 Feb 2013 14:44:46 GMT https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305749#M1726742 Former Member 2013-02-07T14:44:46Z https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305750#M1726743 <HTML><HEAD></HEAD><BODY><P>This person sometimes work and sometimes not work... for example; yesterday it does not work to them and today it works...</P><P></P><P>If I quit the legacy; it does not work to nobody...</P><P></P><P>Thanks in advance,</P><P>Regards,</P></BODY></HTML> Fri, 08 Feb 2013 12:20:16 GMT https://community.sap.com/t5/application-development-and-automation-discussions/error-spnego-after-patch/m-p/9305750#M1726743 Former Member 2013-02-08T12:20:16Z