Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
cajitq Absent Member.
Absent Member.
371 views

Unable to setup Kerberos on on SLES12 SP3 (IdM 4.5.6)

Hi

I'm trying to configure kerberos for the User Application on SLES 12 SP3 with IdM 4.5.6.

UA Info:
Servername: sridmuatest02.frbkom.dk
Userapp URL: https://idm.frederiksberg.dk:8443/dash

So I've tried a couple of times now to make the keytab file, but no mater what I do I get an Error when starting the UA. Here is the error I get i catalina.out on startup:

Class: OSPTenantStartException
Class: LoggableMessage
Level: SEVERE
Code: internal.osp.framework.exception.OSPTenantStartException.<init>() [20]
Thread: localhost-startStop-1
Correlation Id: 18455544-c8de-4892-8368-d0c49588c327
Text: OSP Tenant Start Error: Tenant Id: idm
Class: CoreException
Root cause:

java.lang.reflect.InvocationTargetException
internal.atlaslite.jcce.exception.CoreException
Error initializing Kerberos support
java.lang.SecurityException
java.io.IOException: Configuration Error:
No such file or directory
java.io.IOException
Configuration Error:
No such file or directory
sun.reflect.NativeConstructorAccessorImpl: NativeConstructorAccessorImpl.java: newInstance0: -2
sun.reflect.NativeConstructorAccessorImpl: NativeConstructorAccessorImpl.java: newInstance: 62
sun.reflect.DelegatingConstructorAccessorImpl: DelegatingConstructorAccessorImpl.java: newInstance: 45
java.lang.reflect.Constructor: Constructor.java: newInstance: 423
internal.osp.oidp.service.configuration.ConfigurationManager$InstanceLoader: ConfigurationManager.java: newInstance: 2,679
Root cause:

at internal.osp.framework.OSPContext.start(OSPContext.java:864)
at internal.osp.framework.OSPContext.start(OSPContext.java:758)
at internal.osp.framework.OSPContext.set(OSPContext.java:487)
at internal.osp.framework.servlet.OSPServletContext.<init>(OSPServletContext.java:100)
at internal.osp.framework.servlet.OSPContextListener.getContext(OSPContextListener.java:49)
at internal.osp.framework.servlet.OSPContextListener.contextInitialized(OSPContextListener.java:77)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4992)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5490)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1083)
at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1880)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:748)
Pre: [OSP]
Lvl: INFO
Java: internal.osp.framework.OSPContext.stop() [978] thread=localhost-startStop-1
Time: 2019-02-12T07:06:01.948+0100
LogDta: StopSystem

Pre: [OSP]
Lvl: SEVERE
Java: internal.osp.framework.servlet.OSPContextListener.contextInitialized() [85] thread=localhost-startStop-1
Time: 2019-02-12T07:05:57.450+0100
LogDta: Level: SEVERE
Code: internal.osp.framework.exception.OSPFrameworkStartException.<init>() [20]
Thread: localhost-startStop-1
Correlation Id: 076638f7-2ac6-4a0a-9574-7a6de77ca4ab
Text: OSP Framework Start Error
Level: SEVERE
Code: internal.osp.framework.exception.OSPTenantStartException.<init>() [20]
Thread: localhost-startStop-1
Correlation Id: 18455544-c8de-4892-8368-d0c49588c327
Text: OSP Tenant Start Error: Tenant Id: idm


As you can see it is saying that a file or directory is missing??

I've konfigures the /etc/krb5.conf file
I've placed the keytab file under /opt/netiq/idm/apps/tomcat/conf
I've made the Kerberos_login.config file under /opt/netiq/idm/apps/tomcat/kerberos
I've edited the java.security file to point to /opt/netiq/idm/apps/tomcat/kerberos/Kerberos_login.config

I've made novlua owner of all directories and files (except the java.security file)

I've tried to make the keytab file with both servername (sridmuatest02.frbkom.dk) or DNS name (idm.frederiksberg.dk)

No matter what I do I get the error shown above.

Does anybody have an idea to whats going on here???

Thank you all in advance!

Carsten Jørgensen
Labels (1)
Tags (2)
0 Likes
2 Replies
AutomaticReply Absent Member.
Absent Member.

Re: Unable to setup Kerberos on on SLES12 SP3 (IdM 4.5.6)

cajitq,

It appears that in the past few days you have not received a response to your
posting. That concerns us, and has triggered this automated reply.

These forums are peer-to-peer, best effort, volunteer run and that if your issue
is urgent or not getting a response, you might try one of the following options:

- Visit https://www.microfocus.com/support-and-services and search the knowledgebase and/or check
all the other self support options and support programs available.
- Open a service request: https://www.microfocus.com/support
- You could also try posting your message again. Make sure it is posted in the
correct newsgroup. (http://forums.microfocus.com)
- You might consider hiring a local partner to assist you.
https://www.partnernetprogram.com/partnerfinder/find.html

Be sure to read the forum FAQ about what to expect in the way of responses:
http://forums.microfocus.com/faq.php

Sometimes this automatic posting will alert someone that can respond.

If this is a reply to a duplicate posting or otherwise posted in error, please
ignore and accept our apologies and rest assured we will issue a stern reprimand
to our posting bot.

Good luck!

Your Micro Focus Forums Team
http://forums.microfocus.com



0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Unable to setup Kerberos on on SLES12 SP3 (IdM 4.5.6)

cajitq <cajitq@no-mx.forums.microfocus.com> wrote:
>

Hi
>
> I'm trying to configure kerberos for the User Application on SLES 12 SP3

with IdM 4.5.6.
>
> UA Info:
> Servername: sridmuatest02.frbkom.dk
> Userapp URL: https://idm.frederiksberg.dk:8443/dash
>
> So I've tried a couple of times now to make the keytab file, but no

mater what I do I get an Error when starting the UA. Here is the error I
get i catalina.out on startup:
>
> -Class: OSPTenantStartException
> Class: LoggableMessage
> Level: SEVERE
> Code:

internal.osp.framework.exception.OSPTenantStartException.<init>() [20]
> Thread: localhost-startStop-1
> Correlation Id: 18455544-c8de-4892-8368-d0c49588c327
> Text: OSP Tenant Start Error: Tenant Id: idm
> Class: CoreException
> Root cause:
>
> java.lang.reflect.InvocationTargetException
> internal.atlaslite.jcce.exception.CoreException
> Error initializing Kerberos support
> java.lang.SecurityException
> java.io.IOException: Configuration Error:
> No such file or directory
> java.io.IOException
> Configuration Error:
> No such file or directory
> sun.reflect.NativeConstructorAccessorImpl:

NativeConstructorAccessorImpl.java: newInstance0: -2
> sun.reflect.NativeConstructorAccessorImpl:

NativeConstructorAccessorImpl.java: newInstance: 62
> sun.reflect.DelegatingConstructorAccessorImpl:

DelegatingConstructorAccessorImpl.java: newInstance: 45
> java.lang.reflect.Constructor: Constructor.java:

newInstance: 423
>

internal.osp.oidp.service.configuration.ConfigurationManager$InstanceLoader:
ConfigurationManager.java: newInstance: 2,679
> Root cause:
>
> at internal.osp.framework.OSPContext.start(OSPContext.java:864)
> at internal.osp.framework.OSPContext.start(OSPContext.java:758)
> at internal.osp.framework.OSPContext.set(OSPContext.java:487)
> at

internal.osp.framework.servlet.OSPServletContext.<init>(OSPServletContext.java:100)
> at

internal.osp.framework.servlet.OSPContextListener.getContext(OSPContextListener.java:49)
> at

internal.osp.framework.servlet.OSPContextListener.contextInitialized(OSPContextListener.java:77)
> at

org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4992)
> at

org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5490)
> at

org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
> at

org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
> at

org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
> at

org.apache.catalina.core.StandardHost.addChild(StandardHost.java:649)
> at

org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1083)
> at

org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1880)
> at

java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
> at java.util.concurrent.FutureTask.run(FutureTask.java:266)
> at

java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at

java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:748)
> Pre: [OSP]
> Lvl: INFO
> Java: internal.osp.framework.OSPContext.stop() [978]

thread=localhost-startStop-1
> Time: 2019-02-12T07:06:01.948+0100
> LogDta: StopSystem
>
> Pre: [OSP]
> Lvl: SEVERE
> Java:

internal.osp.framework.servlet.OSPContextListener.contextInitialized()
[85] thread=localhost-startStop-1
> Time: 2019-02-12T07:05:57.450+0100
> LogDta: Level: SEVERE
> Code:

internal.osp.framework.exception.OSPFrameworkStartException.<init>()
[20]
> Thread: localhost-startStop-1
> Correlation Id: 076638f7-2ac6-4a0a-9574-7a6de77ca4ab
> Text: OSP Framework Start Error
> Level: SEVERE
> Code:

internal.osp.framework.exception.OSPTenantStartException.<init>() [20]
> Thread: localhost-startStop-1
> Correlation Id: 18455544-c8de-4892-8368-d0c49588c327
> Text: OSP Tenant Start Error: Tenant Id: idm-
>
> As you can see it is saying that a file or directory is missing??
>
> I've konfigures the /etc/krb5.conf file
> I've placed the keytab file under /opt/netiq/idm/apps/tomcat/conf
> I've made the Kerberos_login.config file under

/opt/netiq/idm/apps/tomcat/kerberos
> I've edited the java.security file to point to

/opt/netiq/idm/apps/tomcat/kerberos/Kerberos_login.config
>
> I've made novlua owner of all directories and files (except the

java.security file)
>
> I've tried to make the keytab file with both servername

(sridmuatest02.frbkom.dk) or DNS name (idm.frederiksberg.dk)
>
> No matter what I do I get the error shown above.
>
> Does anybody have an idea to whats going on here???
>
> Thank you all in advance!
>
> Carsten Jørgensen



--
cajitq
------------------------------------------------------------------------
cajitq's Profile: https://forums.novell.com/member.php?userid=167924
View this thread: https://forums.novell.com/showthread.php?t=511235

>


Hi!

Can you verify ticketCache in Kerberos_login.config? Is it valid?

--
Best regards
Marcus
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.