Oracle SSO WNA Login Fails: GSSException raised in constructor - No valid credentials provided (Doc ID 1089072.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Application Server Single Sign-On - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
****Checked for relevance on 07-JAN-2014***


Symptoms


Oracle Single Sign-On (SSO) has been configured for Windows Native Authentication (WNA), however SSO WNA automatic login is not working for Windows domain users. When an SSO protected site is accessed the Windows domain user is redirected to the SSO login page instead of being automatically authenticated with their Windows credentials.

The $ORACLE_HOME/opmn/logs/OC4J~OC4J_SECURITY~default_island~1 log file shows that SSO JAZN Kerberos initialization failed with error 'GSS Exception raised in constructor - No valid credentials provided'.

Example OC4J~OC4J_SECURITY~default_island~1 log entry:

10/04/22 17:10:23 Getting creds for HTTP/srv01.oracle.com@AD.COM...
10/04/22 17:10:23 Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null KeyTab is D:\oraclesso\j2ee\OC4J_SECURITY\config\sso.keytab refreshKrb5Config is false principal is HTTP/SRV01.oracle.com tryFirstPass is false useFirstPass is false storePass is false clearPass is false
principal's key obtained from the keytab
10/04/22 17:10:23 principal is HTTP/SRV01.oracle.com@AD.COM
10/04/22 17:10:23 KerberosAuthenticator: GSSException raised in constructor - No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
10/04/22 17:10:23 GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
10/04/22 17:10:23 at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)
10/04/22 17:10:23 at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
10/04/22 17:10:23 at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
10/04/22 17:10:23 at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
10/04/22 17:10:23 at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
10/04/22 17:10:23 at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
10/04/22 17:10:23 at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
10/04/22 17:10:23 at oracle.security.jazn.oc4j.KerberosAuthenticator.<init>(Unknown Source)
10/04/22 17:10:23 at oracle.security.jazn.oc4j.RealmUserManager.getHttpAuthenticator(Unknown Source)
10/04/22 17:10:23 at oracle.security.jazn.oc4j.FilterUserManager.getHttpAuthenticator(Unknown Source)
10/04/22 17:10:23 at com.evermind.server.http.HttpApplication.initAuthenticator(HttpApplication.java:5380)
10/04/22 17:10:23 at com.evermind.server.http.HttpApplication.initDynamic(HttpApplication.java:991)
10/04/22 17:10:23 at com.evermind.server.http.HttpApplication.<init>(HttpApplication.java:560)
10/04/22 17:10:23 at com.evermind.server.Application.getHttpApplication(Application.java:915)
10/04/22 17:10:23 at com.evermind.server.http.HttpServer.getHttpApplication(HttpServer.java:707)
10/04/22 17:10:23 at com.evermind.server.http.HttpSite.initApplications(HttpSite.java:637)
10/04/22 17:10:23 at com.evermind.server.http.HttpSite.setConfig(HttpSite.java:278)
10/04/22 17:10:23 at com.evermind.server.http.HttpServer.setSites(HttpServer.java:278)
10/04/22 17:10:23 at com.evermind.server.http.HttpServer.setConfig(HttpServer.java:179)
10/04/22 17:10:23 at com.evermind.server.ApplicationServer.initializeHttp(ApplicationServer.java:2435)
10/04/22 17:10:23 at com.evermind.server.ApplicationServer.setConfig(ApplicationServer.java:1592)
10/04/22 17:10:23 at com.evermind.server.ApplicationServerLauncher.run(ApplicationServerLauncher.java:92)
10/04/22 17:10:23 at java.lang.Thread.run(Thread.java:534)
10/04/22 17:10:23 Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException
at java.lang.StringBuffer.append(StringBuffer.java:467)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:576)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:475)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)
.......
.......


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms