Hello All,
FPN in portal 7.3 is not working. Please advice.
Errors found in logs -
1.
Could not validate SPNEGO token.
[EXCEPTION]
com.sap.engine.services.security.authentication.umapping.UserMappingNoSuchUserException: No user with account attributes [[namespace=com.sap.security.core.authentication, name=principal, value=vs-sys45.IBM-ERP, isCaseSensitive=false], [namespace=com.sap.security.core.authentication, name=realm, value=ALJAZEERA.TV, isCaseSensitive=false]] found
at com.sap.engine.services.security.authentication.umapping.UserMappingServiceImpl.getUserByAccountAttributes(UserMappingServiceImpl.java:184)
at com.sap.security.core.server.jaas.spnego.util.SPNEGOUserMappingUtil.searchUser(SPNEGOUserMappingUtil.java:82)
2.
Could not validate SPNEGO token.
[EXCEPTION]
java.lang.Exception: Store of token in replay cache failed. Possible replay attack detected.
at com.sap.security.core.server.jaas.spnego.krb5.KrbApReq.throwValidationException(KrbApReq.java:125)
at com.sap.security.core.server.jaas.spnego.krb5.KrbApReq.validate(KrbApReq.java:118)
at com.sap.security.core.server.jaas.SPNegoLoginModule.validateSPNEGOToken(SPNegoLoginModule.java:323)
at com.sap.security.core.server.jaas.SPNegoLoginModule.processAuthorizationHeader(SPNegoLoginModule.java:504)
at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:154)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:66)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:269)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:876)
3.
LOGIN.FAILED
User: N/A
IP Address: 10.234.11.20
Authentication Stack: ticket
Authentication Stack Properties:
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
#1 ume.configuration.active = true
2. com.sap.security.core.server.jaas.SPNegoLoginModule OPTIONAL ok exception true Trigger SPNEGO authentication.
3. com.sap.security.core.server.jaas.CreateTicketLoginModule SUFFICIENT ok false true
4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUIRED ok false false
5. com.sap.security.core.server.jaas.CreateTicketLoginModule REQUIRED ok false true
4. Can't map exception.
[EXCEPTION]
com.sap.engine.services.security.exceptions.BaseLoginException: Cannot authenticate the user.
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:131)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:269)
at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:876)
Caused by: javax.security.auth.login.LoginException: NTLM token received in authorization header.
at com.sap.security.core.server.jaas.SPNegoLoginModule.failedAuthenticationException(SPNegoLoginModule.java:369)
at com.sap.security.core.server.jaas.SPNegoLoginModule.checkAuthorizationHeaderToken(SPNegoLoginModule.java:463)
at com.sap.security.core.server.jaas.SPNegoLoginModule.parseSPNEGOToken(SPNegoLoginModule.java:282)
at com.sap.security.core.server.jaas.SPNegoLoginModule.processAuthorizationHeader(SPNegoLoginModule.java:484)
at com.sap.security.core.server.jaas.SPNegoLoginModule.login(SPNegoLoginModule.java:154)
at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:254)
at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:66)
... 59 more
Have investigated a lot since last 3 days, tried many possible solutions but they are not working like to mention a few,
SAP Note # 1649110, http://scn.sap.com/people/holger.bruchelt/blog/2010/04/08/new-spnego-login-module--just-around-the-corner,
Please advice.
Thanks a tonne,
Ritu