SAP Knowledge Base Article - Preview

2483974 - Windows AD SSO using AES encryption not working in Business Intelligence Platform

Symptom

  • BI Launchpad logon page is reached instead of being automatically logged in
  • Tomcat logs would show the following type of error message:

    jcsi.kerberos: Could not decrypt service ticket with Key type 18, KVNO 4, Principal "HTTP/XXX.YYY.ZZZ" using key:
     Principal: [1] SERVICEACCOUNT@REALM.COM
      KVNO: -1
      EncType: 18
      Key: 32 bytes, fingerprint = [f2 5d e2 71 df 84 33 95 ca 8e 1 b9 ff 53 bd 48]
    Exception for this key was:  com.dstc.security.kerberos.CryptoException: Integrity check failure[Note:  principal names are different;  this may or may not be a problem]
    [Note:  KVNO used wildcard match, not exact match;  perhaps the password used to generate this key is not the most recent password?]

  • Wireshark logs from server show the following:

         ETYPE-INFO2-ENTRY
         etype: eTYPE-AES256-CTS-HMAC-SHA1-96 (18)
         salt: REALM.COMserviceaccount

Read more...

Environment

  • Windows Server Operating System
  • SAP BusinessObjects Business Intelligence Platform 4.x

 

Product

SAP BusinessObjects Business Intelligence platform 4.0 ; SAP BusinessObjects Business Intelligence platform 4.1 ; SAP BusinessObjects Business Intelligence platform 4.2

Keywords

htkba biauth windows ad, ActiveDirectory, WinAD, secWinAD, krb5, krb5.ini, global.properties, idm.princ, case-sensitive, casing sensitive, aes, aes-encryption, encryption, sso failing, failed sso, single-sign-on, single sign-on, single signon, manual authenticaiton, automatic authentication, automatic sso, service acount, domain, realm, bi4, bi 4.x, bobj, 4.1, 4.2, 4.0, auth, , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.