这是链接Has anyone configured Kerberos SSO on Web Logic 12.1.2 with JDK 1.7 on Win 2012 successfully?中描述的相关问题。
此问题是否已解决?我在jdk 7u79上的Windows Server 2012 R2上运行的Weblogic服务器版本12.1.3.0上遇到了完全相同的问题。 当我从krb5.ini文件中删除aes256-cts-hmac-sha1-96并使用ktab或ktpass实用程序生成keytab文件时,我在weblogic服务器中收到错误消息:
com.bea.security.utils.kerberos.KerberosException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96) Caused By: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - AES256 CTS mode with HMAC SHA1-96
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
现在,当我将aes256-cts-hmac-sha1-96添加回krb5.ini文件并生成keytab文件时,我在weblogic服务器中收到错误消息
com.bea.security.utils.kerberos.KerberosException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed) Caused By: java.security.GeneralSecurityException: Checksum failed
at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.java:451)
我还尝试在weblogic服务器12.1.3.0中将jdk版本升级到jdk 8u73,但错误情况完全相同。
此外,当我尝试在jdk 8u73上的Windows Server 2012 R2上使用Weblogic服务器12.2.1时,我总是收到错误消息:
GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)
at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:127)
at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427)
此处还提到了上述错误https://community.cloudera.com/t5/Storage-Random-Access-HDFS/SPNEGO-authentication-failure-with-openjdk-gt-7u80-HADOOP-10786/td-p/34829。所以它可能是所有jdk7u80 +的问题。
我已经花了一个多星期的时间来解决这个问题,但仍然无法找到解决办法。