使用Weblogic 11g OEL进行SSO配置
使用Weblogic 11g OEL进行SSO配置
提问于 2016-08-22 23:09:36
通过AD user for SSO访问应用程序时,我在Weblogic中收到以下错误。
> <> <> <1471875042422> <BEA-000000> <com.bea.common.security.internal.legacy.service.ChallengeIdentityAssertionProviderImpl$ChallengeIdentityAsserterV2Adapter.assertChallengeIdentity(Authorization.Negotiate)>
####<22-Aug-2016 15:10:42 o'clock BST> <Debug> <SecurityAtn> <ndl-wln-100.centricait.com> <ND_Manage1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1471875042422> <BEA-000000> <GSSExceptionInfo:>
####<22-Aug-2016 15:10:42 o'clock BST> <Debug> <SecurityAtn> <ndl-wln-100.centricait.com> <ND_Manage1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1471875042423> <BEA-000000> < major: (13) : No valid credentials provided>
####<22-Aug-2016 15:10:42 o'clock BST> <Debug> <SecurityAtn> <ndl-wln-100.centricait.com> <ND_Manage1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1471875042423> <BEA-000000> < minor: (-1) : Failed to find any Kerberos credentails>
####<22-Aug-2016 15:10:42 o'clock BST> <Debug> <SecurityAtn> <ndl-wln-100.centricait.com> <ND_Manage1> <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1471875042423> <BEA-000000> <acceptGssInitContextToken failed
com.bea.security.utils.kerberos.KerberosException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)
at com.bea.security.utils.kerberos.KerberosTokenHandler.acceptGssInitContextTokenInDoAs(KerberosTokenHandler.java:334)
at com.bea.security.utils.kerberos.KerberosTokenHandler.access$000(KerberosTokenHandler.java:41)
at com.bea.security.utils.kerberos.KerberosTokenHandler$1.run(KerberosTokenHandler.java:226)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:536)
at com.bea.security.utils.kerberos.KerberosTokenHandler.acceptGssInitContextToken(KerberosTokenHandler.java:224)
at com.bea.security.utils.kerberos.KerberosTokenHandler.acceptGssInitContextToken(KerberosTokenHandler.java:152)
at com.bea.common.security.internal.utils.negotiate.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:57)
at weblogic.security.providers.authentication.NegotiateIdentityAsserterProviderImpl.assertChallengeIdentity(NegotiateIdentityAsserterProviderImpl.java:210)
at com.bea.common.security.internal.legacy.service.ChallengeIdentityAssertionProviderImpl$ChallengeIdentityAsserterV2Adapter.assertChallengeIdentity(ChallengeIdentityAssertionProviderImpl.j我已经使用kinit -V -k -t negotestserver.keytab HTTP/WL-HOST@MYDOMAIN.COM验证了密钥表,它成功地通过了身份验证。想知道这个问题的解决方案是什么,任何帮助都将不胜感激。
回答 1
Stack Overflow用户
回答已采纳
发布于 2016-08-24 03:58:56
从浏览器发送到Weblogic的票证很可能不是Kerberos票证,而是NTLM。IE在Kerberos上使用NTLM的原因有很多,大多数情况下都是因为设置或Windows设置不正确。你能在你的日志里查一下车票吗?如果它看起来像这样:
YIGCBgYrBgEFBQKgeDB2oDAwLgYKKwYBBAGCNwICCgYJKoZIgvcSAQICBgkqhkiG9xIBAgIGCisGAQQBgjcCAh6iQgRATlRMTVNTUAABAAAAl7II4g4ADgAyAAAACgAKACgAAAAGAbEdAAAAD0xBUFRPUC0yNDVMSUZFQUNDT1VOVExMQw==
这是NTLM。Kerberos票证的长度至少是它的两倍。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/39083051
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号