cancel
Showing results for 
Search instead for 
Did you mean: 

Portal - Kerberos - "Defective credential"

Former Member
0 Kudos

Hi,

I'm trying to set up Kerberos Authentication to EP7 SP13 portal. The userstore is ABAP, but according to SAP note 935644 it is possible to have Kerberos Authentication with ABAP userstore...

I have run the SPNEGO wizard, using simple resolution mode, and everything seems ok, but users are not logged into the portal. I have tried setting the user attribute krb5principalname to the UPN and KPN - should it be the "Client Principle" as displayed via KERBTRAY.EXE??

In the logs, I am getting the error "org.ietf.jgss.GSSException: Defective credential"

Just before that is the warning "No jGSSName found for realm DOMAIN.NET. jGSSNames are: host/portalhost.we.domain.net@domain.net" but that seems slightly contradictory??

Any help GREATLY appreciated

Best regards

Jane

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
0 Kudos

OK, I changed the Login Module attribute com.sap.spnego.jgdd.name from host/portal.we.domain.net@domain.net to host/portal.we.domain.net@DOMAIN.NET and hey presto... it worked and the attribute krb5principalname needs to be set to the KPN as shown on KERBTRAY.EXE, which isn't the same as the UPN.

All the best

Jane