OBIEE 11g: Error: "401 Unauthorized Error" Logging Into OBIEE After Modifying krb5login.conf File (Doc ID 1370629.1)

Last updated on JANUARY 23, 2017

Applies to:

Business Intelligence Suite Enterprise Edition - Version 11.1.1.5.0 [1308] and later
Business Intelligence Server Enterprise Edition - Version 11.1.1.5.0 [1308] and later
Information in this document applies to any platform.
***Checked for relevance on 08-Nov-2013***

Symptoms

You are using Kerberos for Single Sign-On. You have installed OBIEE 11g (11.1.1.5.0) using SSO with Active Directory and Windows Native Authentication following <Document 1274953.1>.  However you cannot log into OBIEE, you get the error:

401 unauthorized page.



Looking in AdminServer.Log you see the error:

####<Aug 8, 2011 7:10:07 PM EEST> <Debug> <SecurityAtn> <obieedemo> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <cdacf9dd21de3046:4fb27df4:131a9fa9d26:-8000-00000000000001b0> <1312819807905> <BEA-000000> <acceptGssInitContextToken failed
com.bea.security.utils.kerberos.KerberosException: No Configuration was registered that can handle the configuration named com.sun.security.jgss.krb5.accept
at com.bea.security.utils.kerberos.KerberosTokenHandler.acceptGssInitContextTokenInDoAs(KerberosTokenHandler.java:343)
at com.bea.security.utils.kerberos.KerberosTokenHandler.access$000(KerberosTokenHandler.java:41)
at com.bea.security.utils.kerberos.KerberosTokenHandler$1.run(KerberosTokenHandler.java:227)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at com.bea.security.utils.kerberos.KerberosTokenHandler.acceptGssInitContextToken(KerberosTokenHandler.java:224)
at com.bea.security.utils.kerberos.KerberosTokenHandler.acceptGssInitContextToken(KerberosTokenHandler.java:153)
at com.bea.common.security.internal.utils.negotiate.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:59)
at weblogic.security.providers.authentication.NegotiateIdentityAsserterProviderImpl.assertChallengeIdentity(NegotiateIdentityAsserterProviderImpl.java:210)
at com.bea.common.security.internal.legacy.service.ChallengeIdentityAssertionProviderImpl$ChallengeIdentityAsserterV2Adapter.assertChallengeIdentity(ChallengeIdentityAssertionProviderImpl.java:130)
at com.bea.common.security.internal.service.ChallengeIdentityAssertionTokenServiceImpl.assertChallengeIdentity(ChallengeIdentityAssertionTokenServiceImpl.java:120)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy24.assertChallengeIdentity(Unknown Source)
at com.bea.common.security.internal.service.ChallengeIdentityAssertionServiceImpl.assertChallengeIdentity(ChallengeIdentityAssertionServiceImpl.java:112)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy30.assertChallengeIdentity(Unknown Source)
...
...


####<Aug 8, 2011 7:10:07 PM EEST> <Debug> <SecurityAtn> <obieedemo> <AdminServer> <[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <cdacf9dd21de3046:4fb27df4:131a9fa9d26:-8000-00000000000001b0> <1312819807905> <BEA-000000> <Exception com.bea.security.utils.kerberos.KerberosException: No Configuration was registered that can handle the configuration named com.sun.security.jgss.krb5.accept
com.bea.security.utils.kerberos.KerberosException: No Configuration was registered that can handle the configuration named com.sun.security.jgss.krb5.accept
at com.bea.security.utils.kerberos.KerberosTokenHandler.acceptGssInitContextTokenInDoAs(KerberosTokenHandler.java:343)
at com.bea.security.utils.kerberos.KerberosTokenHandler.access$000(KerberosTokenHandler.java:41)
at com.bea.security.utils.kerberos.KerberosTokenHandler$1.run(KerberosTokenHandler.java:227)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at com.bea.security.utils.kerberos.KerberosTokenHandler.acceptGssInitContextToken(KerberosTokenHandler.java:224)
at com.bea.security.utils.kerberos.KerberosTokenHandler.acceptGssInitContextToken(KerberosTokenHandler.java:153)
at com.bea.common.security.internal.utils.negotiate.SPNEGONegotiateToken.getUsername(SPNEGONegotiateToken.java:59)
at weblogic.security.providers.authentication.NegotiateIdentityAsserterProviderImpl.assertChallengeIdentity(NegotiateIdentityAsserterProviderImpl.java:210)
at com.bea.common.security.internal.legacy.service.ChallengeIdentityAssertionProviderImpl$ChallengeIdentityAsserterV2Adapter.assertChallengeIdentity(ChallengeIdentityAssertionProviderImpl.java:130)
at com.bea.common.security.internal.service.ChallengeIdentityAssertionTokenServiceImpl.assertChallengeIdentity(ChallengeIdentityAssertionTokenServiceImpl.java:120)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy24.assertChallengeIdentity(Unknown Source)

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms