My Oracle Support Banner

com.bea.security.utils.kerberos.KerberosException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC) (Doc ID 1362571.1)

Last updated on AUGUST 31, 2020

Applies to:

Oracle WebLogic Server - Version 10.3 and later
Information in this document applies to any platform.

Symptoms

On WLS 10.3.5 version, WLS Security / SSO / Kerberos / SPNEGO, when attempting to authenticate on WLS, the following error occurs:

 <Debug> <SecurityAtn> .. <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> .. <BEA-000000> <acceptGssInitContextToken failed
com.bea.security.utils.kerberos.KerberosException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)
  at com.bea.security.utils.kerberos.KerberosTokenHandler.acceptGssInitContextTokenInDoAs(KerberosTokenHandler.java:334)
...

After creating the SPN on the AD side, creating the keytab file, configuring Kerberos on the Weblogic Server side, a try to authenticate to the webapp via SSO failed with the Kerberos exception above.

The configuration was:

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.