Hi All,
I am having EHP1 for NW 7.3 installed on windows 2008 R2 and I am trying to do SSO with ADS.
I am following the steps as below :
1. Created administrator user user1 and disabled "Use Kerberos DES encryption type for this Account" and checked "Password never expire option"
2. setspn -a HTTP/javahost.mydomain.com user1
3. Logged into javahost:port/nwa
4. Generated Keytab file in Domain server:
ktab -a user1@MYDOMAIN.COM -k keytab
5. Imported the keytab into the JAVA system :
http://javahost:port/spnego
Kerberos Realm--> edit --> Keys--> Update Keys -> uploading keytab file --> browse --> selected file and IMPORT --> Save.
6. Activate the REALM.
7. Adjusted the authentication stack:
EvaluateTicketLoginModule SUFFICIENT
SPNegoLoginModule OPTIONAL
CreateTicketLoginModule SUFFICIENT
BasicPasswordLoginModule REQUIRED
CreateTicketLoginModule REQUIRED
-->Save.
8. Did the settings in the browser, but SSO is not working.
I am getting a error as "No key (etype: 18) for realm".
When I googled I found that the error is due to "AES256-CTS-HMAC-SHA1-96" as attached in SS.
Actually My keytab generates "DES-CBC-MD5","AES128-CTS-HMAC-SHA1-96","RC4-HMAC".
I updated my java policy as per the note and I got "AES256-CTS-HMAC-SHA1-96" .
Now I am getting "Could not validate SPNEGO token.
[EXCEPTION]
java.security.InvalidKeyException: Illegal key size
"
Can you please guide on this?
Regards
G.Partheeban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.