Single Sign On with WebLogic 12c and Kerberos

Hello!

Sorry for my English.

I’m trying to configure Single Sign On with the WebLogic application server and Kerberos, but I’m still getting my login page… When I try to access the login page, the following output appears in the servername.out log file, without any errors (as I understand it, "Additional pre-authentication required" is a normal error):

Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt false ticketCache is null isInitiator true KeyTab is /oracle/product12/user_projects/domains/test/krb/test.keytab refreshKrb5Config is false principal is kinp@TEST.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false

KeyTab instance already exists

Added key: 23version: 19

Ordering keys wrt default_tkt_enctypes list

default etypes for default_tkt_enctypes: 23 3.

0: EncryptionKey: keyType=23 kvno=19 keyValue (hex dump)=

0000: C3 CB 19 1C 64 6E F9 7F 6A C9 31 FB EE 69 E7 35 …dn…j.1…i.5

principal’s key obtained from the keytab

Acquire TGT using AS Exchange

default etypes for default_tkt_enctypes: 23 3.

KrbAsReq calling createMessage

KrbAsReq in createMessage

KrbKdcReq send: kdc=192.168.0.100 UDP:88, timeout=30000, number of retries =3, #bytes=137

KDCCommunication: kdc=192.168.0.100 UDP:88, timeout=30000,Attempt =1, #bytes=137

KrbKdcReq send: #bytes read=181

KrbKdcReq send: #bytes read=181

KdcAccessibility: remove 192.168.0.100

KDCRep: init() encoding tag is 126 req type is 11

KRBError:

sTime is Tue Jan 20 10:46:05 EET 2015 1421743565000

suSec is 576578

error code is 25

error Message is Additional pre-authentication required

realm is TEST.ORG

sname is krbtgt/TEST.ORG

eData provided.

msgType is 30

Pre-Authentication Data:

PA-DATA type = 11

PA-ETYPE-INFO etype = 23

PA-ETYPE-INFO salt =

Pre-Authentication Data:

PA-DATA type = 19

PA-ETYPE-INFO2 etype = 23

PA-ETYPE-INFO2 salt = null

Pre-Authentication Data:

PA-DATA type = 2

PA-ENC-TIMESTAMP

Pre-Authentication Data:

PA-DATA type = 16

Pre-Authentication Data:

PA-DATA type = 15

AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ

KrbAsReq salt is TEST.ORGdev

default etypes for default_tkt_enctypes: 23 3.

Pre-Authenticaton: find key for etype = 23

AS-REQ: Add PA_ENC_TIMESTAMP now

EType: sun.security.krb5.internal.crypto.ArcFourHmacEType

KrbAsReq calling createMessage

KrbAsReq in createMessage

KrbKdcReq send: kdc=192.168.0.100 UDP:88, timeout=30000, number of retries =3, #bytes=220

KDCCommunication: kdc=192.168.0.100 UDP:88, timeout=30000,Attempt =1, #bytes=220

KrbKdcReq send: #bytes read=1408

KrbKdcReq send: #bytes read=1408

KdcAccessibility: remove 192.168.0.100

EType: sun.security.krb5.internal.crypto.ArcFourHmacEType

KrbAsRep cons in KrbAsReq.getReply dev

principal is dev@TEST.ORG

EncryptionKey: keyType=23 keyBytes (hex dump)=0000: C3 CB 19 1C 64 6E F9 7F 6A C9 31 FB EE 69 E7 35 …dn…j.1…i.5

Added server’s keyKerberos Principal dev@TEST.ORGKey Version 19key EncryptionKey: keyType=23 keyBytes (hex dump)=

0000: C3 CB 19 1C 64 6E F9 7F 6A C9 31 FB EE 69 E7 35 …dn…j.1…i.5

    [Krb5LoginModule] added Krb5Principal dev@TEST.ORG to Subject

Commit Succeeded

Found key for dev@TEST.ORG(23)

Entered Krb5Context.acceptSecContext with state=STATE_NEW

How can I solve this problem? Or how can I correctly debug it, to understand where the mistake is?

Thanks!
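An added example, not part of the original post: a small Python triage of the Krb5LoginModule debug output quoted above. It reports the last milestone reached, whether KDC error 25 was followed by a committed login, the deprecated etypes on offer, the principals named, and how many lines dump key bytes. The stage names and the `triage` function are hypothetical, and the sample is abridged from the post's log.

```python
import re

# Constructed sample: abridged lines from the debug output quoted in the post.
SAMPLE_LOG = """\
principal is kinp@TEST.ORG tryFirstPass is false
default etypes for default_tkt_enctypes: 23 3.
0: EncryptionKey: keyType=23 kvno=19 keyValue (hex dump)=
Acquire TGT using AS Exchange
error code is 25
AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
principal is dev@TEST.ORG
Commit Succeeded
Entered Krb5Context.acceptSecContext with state=STATE_NEW
"""

# Milestones in the order the post's log emits them (substring match).
STAGES = [
    ("keytab_login_started", "Acquire TGT using AS Exchange"),
    ("preauth_retry", "re-send AS-REQ"),
    ("login_committed", "Commit Succeeded"),
    ("accept_started", "Entered Krb5Context.acceptSecContext"),
]
# Etype numbers from the Kerberos registry; RFC 6649 and RFC 8429 deprecate these two.
DEPRECATED_ETYPES = {3: "des-cbc-md5", 23: "rc4-hmac"}

def triage(log: str) -> dict:
    lines = log.splitlines()
    reached = [name for name, marker in STAGES if any(marker in l for l in lines)]
    codes = [int(m.group(1)) for l in lines if (m := re.search(r"error code is (\d+)", l))]
    etypes = set()
    for l in lines:
        if (m := re.search(r"default_tkt_enctypes: ([\d ]+)", l)):
            etypes.update(int(n) for n in m.group(1).split())
    # Error 25 (KDC_ERR_PREAUTH_REQUIRED) is the normal first AS reply; it only
    # matters if the login never commits afterwards.
    unrecovered = [c for c in codes if not (c == 25 and "login_committed" in reached)]
    return {
        "last_stage": reached[-1] if reached else None,
        "unrecovered_errors": unrecovered,
        "deprecated_etypes": sorted(DEPRECATED_ETYPES[e] for e in etypes if e in DEPRECATED_ETYPES),
        "principals": sorted({m.group(1) for l in lines
                              if (m := re.search(r"principal is (\S+@\S+)", l))}),
        # Lines that dump the long-term key: the log itself is now a secret.
        "key_dump_lines": sum("hex dump" in l for l in lines),
    }

if __name__ == "__main__":
    for field, value in triage(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```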