letroncoso Trusted Contributor.

Identity Applications 4.7.2 not working with kerberos

Hi

New environment


  • OS: RHEL 7.3
  • eDirectory 9.1 SP2 (40103.11)
  • iManager 3.1.2
  • IDM 4.7.2
  • Identity Applications 4.7.2 (no SSPR)



In IDM 4.5.6 we had configured Kerberos and it worked correctly.
We migrated to 4.7 and later to 4.7.2, and after reconfiguring what was necessary, Kerberos does not work; in the log it is not seen trying to make any Kerberos configuration.
We verified the documentation
https://www.netiq.com/documentation/identity-manager-47/identity_apps_admin/data/b1dizhf5.html


and the differences that we have are that the principal name (User login name) is different, and that when generating the keytab, the crypto ALL property was not owned


Any ideas how to troubleshoot?

Thanks in advance.
letroncoso Trusted Contributor.

Re: Identity Applications 4.7.2 not working with kerberos

Additional information
In Tomcat properties add
-Dsun.security.krb5.debug=true

In server.xml
add maxHttpHeaderSize="32768" to Connector protocol
Marcus Tornberg Honored Contributor.

Re: Identity Applications 4.7.2 not working with kerberos

Hi!

Please verify that you have updated the java.security file for the correct JRE. A common mistake is to edit for the JRE under /opt/netiq/idm/apps/jre/lib/security, but the installations I have been working on utilize /opt/netiq/common/jre.

You can see what JRE tomcat is using by executing:
ps -aux | grep tomcat

Best regards
Marcus
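
The check suggested in the reply above, as an added example that is not part of the original posts: it takes a Tomcat command line as printed by ps, derives which java.security file that JVM reads, flags the other JRE location named in the reply if it also exists, and reports whether the -Dsun.security.krb5.debug=true flag from the thread is present. The function names and the sample command line are constructed for illustration; the lib/security layout is taken from the path quoted in the reply.

```shell
#!/bin/sh
# Added example: which java.security does the Tomcat JVM actually read?
# SAMPLE_CMDLINE is constructed; on a live host pass the real command line:
#   sh check_jre.sh "$(ps -o args= -p <tomcat-pid>)"
SAMPLE_CMDLINE='/opt/netiq/common/jre/bin/java -Dsun.security.krb5.debug=true -Dcatalina.base=/opt/netiq/idm/apps/tomcat org.apache.catalina.startup.Bootstrap start'

# Print the first token of a command line that is a .../bin/java path.
java_bin_from_cmdline() (
    set -f    # word-split without glob expansion
    for tok in $1; do
        case "$tok" in
            */bin/java) printf '%s\n' "$tok"; exit 0 ;;
        esac
    done
    exit 1
)

# Map .../bin/java to that JRE's java.security (lib/security layout, as in the reply).
java_security_for() {
    printf '%s/lib/security/java.security\n' "${1%/bin/java}"
}

# True when the JVM was started with the Kerberos debug flag from the thread.
has_krb5_debug() {
    case " $1 " in
        *" -Dsun.security.krb5.debug=true "*) return 0 ;;
    esac
    return 1
}

report() {
    bin=$(java_bin_from_cmdline "$1") || { echo "no java binary found"; return 1; }
    active=$(java_security_for "$bin")
    echo "JRE in use:     ${bin%/bin/java}"
    echo "file it reads:  $active"
    # The two JRE locations named in the reply; flag the one that is NOT in use.
    for jre in /opt/netiq/idm/apps/jre /opt/netiq/common/jre; do
        other="$jre/lib/security/java.security"
        if [ "$other" != "$active" ] && [ -f "$other" ]; then
            echo "not read by this JVM: $other"
        fi
    done
    if has_krb5_debug "$1"; then
        echo "krb5 debug:     on"
    else
        echo "krb5 debug:     off (flag not on the command line)"
    fi
}

report "${1:-$SAMPLE_CMDLINE}"
```
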