Thursday, January 24, 2013

GSSException No valid credentials provided Mechanism level Failed to find any Kerberos Ticket Key

Error message :
Caused By: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos Key)

    Cause:
This may occur if no valid Kerberos credentials are obtained. In particular, this occurs if you want the underlying mechanism to obtain credentials but you forgot to indicate this by setting the javax.security.auth.useSubjectCredsOnly system property value to false (for example via -Djavax.security.auth.useSubjectCredsOnly=false in your execution command).

    Solution:
Be sure to set the javax.security.auth.useSubjectCredsOnly system property value to false if you want the underlying mechanism to obtain credentials, rather than your application or a wrapper program (such as the Login utility used by some of the tutorials) performing authentication using JAAS.

Stop the admin server
Modify the startWebLogic.sh file located in DOMAIN_HOME/bin
add the flag -Djavax.security.auth.useSubjectCredsOnly=false in java_options
save and start your admin server

below is a typical example assuming your weblogic is on linux box

Modify the startWebLogic.sh file located in DOMAIN_HOME/bin

Locate the following line:
# Start WebLogic

Below this line, add the following, replacing the correct path to krb5Login.conf:
JAVA_OPTIONS=”${JAVA_OPTIONS} -Djava.security.auth.login.config=/opt/Oracle/Middleware/user_projects/domains/base_domain/krb5Login.conf –Djavax.security.auth.useSubjectCredsOnly=false –Dweblogic.security.enableNegotiate=true”
export JAVA_OPTIONS

Save the file. Start the Administration Server



For Windows
Modify the startWebLogic.cmd file located in DOMAIN_HOME\bin (default is c:\Oracle\Middleware\user_projects\domains\base_domain\bin\startWebLogic.cmd)

Locate the following line:
@REM START WEBLOGIC

Below this line, add the following:

set JAVA_OPTIONS=%JAVA_OPTIONS% -Djava.security.auth.login.config=%DOMAIN_HOME%\krb5Login.conf –Djavax.security.auth.useSubjectCredsOnly=false –Dweblogic.security.enableNegotiate=true


Ref : http://docs.oracle.com/javase/1.5.0/docs/guide/security/jgss/tutorials/Troubleshooting.html

No comments: