Has anyone configured Kerberos SSO on Web Logic 12.1.2 with JDK 1.7 on Win 2012 R2 successfully or on Web Logic 12.2.1 with JDK 1.8 on Win 2012 R2

问题

This is a related problem described here in the link Has anyone configured Kerberos SSO on Web Logic 12.1.2 with JDK 1.7 on Win 2012 successfully?.

Is this problem resolved? I am facing the exact same problem on the Weblogic server version 12.1.3.0 running on Windows Server 2012 R2 on jdk 7u79. When I remove aes256-cts-hmac-sha1-96 from the krb5.ini file and generate a keytab file using ktab or ktpass utility, I get the error message in weblogic server saying :

com.bea.security.utils.kerberos.KerberosException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96) Caused By: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)

Now, when I add aes256-cts-hmac-sha1-96 back to krb5.ini file and generate a keytab file, I get the error message in weblogic server saying

com.bea.security.utils.kerberos.KerberosException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed) Caused By: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.java:451)

I also tried to upgrade the jdk version to jdk 8u73 in the weblogic server 12.1.3.0 but the error scenario is exactly the same.

Also, when I try to use Weblogic server 12.2.1 on Windows Server 2012 R2 on jdk 8u73, I always get the error message:

GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:127)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427)

The above error is also mentioned here https://community.cloudera.com/t5/Storage-Random-Access-HDFS/SPNEGO-authentication-failure-with-openjdk-gt-7u80-HADOOP-10786/td-p/34829. So it can possibly be a problem with all jdk7u80+.

I have spent more than a week now struggling with this problem and still haven't managed to find a fix.

来源：https://stackoverflow.com/questions/36970517/has-anyone-configured-kerberos-sso-on-web-logic-12-1-2-with-jdk-1-7-on-win-2012