Kerberos Error: "Mechanism level: RC4 with HMAC encryption type not in permitted_enctypes list" (Doc ID 1486517.1)

Last updated on SEPTEMBER 13, 2012

Applies to:

Oracle Weblogic Server - Version 10.3.5 and later
Information in this document applies to any platform.

Symptoms

While configuring Kerberos with Weblogic Server and Active Directory on Windows Server 2008 R2. Following errors are seen in the logs:

<BEA-000000> <Exception when asserting ChallengeIdentity
javax.security.auth.login.LoginException: weblogic.security.spi.IdentityAssertionException: com.bea.security.utils.kerberos.KerberosException: Failure unspecified at GSS-API level (Mechanism level: RC4 with HMAC encryption type not in permitted_enctypes list)
at com.bea.common.security.internal.service.ChallengeIdentityAssertionServiceImpl.assertChallengeIdentity(ChallengeIdentityAssertionServiceImpl.java:128)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy38.assertChallengeIdentity(Unknown Source)
at com.bea.common.security.internal.service.NegotiateIdentityAsserterServiceImpl$NegotiateHandler.assertChallengeContext(NegotiateIdentityAsserterServiceImpl.java:327)
at com.bea.common.security.internal.service.NegotiateIdentityAsserterServiceImpl$NegotiateHandler.process(NegotiateIdentityAsserterServiceImpl.java:212)
at com.bea.common.security.internal.service.NegotiateIdentityAsserterServiceImpl.process(NegotiateIdentityAsserterServiceImpl.java:130)
at sun.reflect.GeneratedMethodAccessor307.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:57)
at $Proxy39.process(Unknown Source)
at weblogic.security.providers.authentication.NegotiateIdentityAsserterServletAuthenticationFilter.doFilter(NegotiateIdentityAsserterServletAuthenticationFilter.java:33)
at weblogic.servlet.security.internal.AuthFilterChain.doFilter(AuthFilterChain.java:37)
at weblogic.servlet.security.internal.SecurityModule$ServletAuthenticationFilterAction.run(SecurityModule.java:645)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.security.internal.SecurityModule.invokeAuthFilterChain(SecurityModule.java:534)
at weblogic.servlet.security.internal.FormSecurityModule.checkUserPerm(FormSecurityModule.java:224)
at weblogic.servlet.security.internal.FormSecurityModule.checkAccess(FormSecurityModule.java:96)
at weblogic.servlet.security.internal.ChainedSecurityModule.checkAccess(ChainedSecurityModule.java:79)
at weblogic.servlet.security.internal.ServletSecurityManager.checkAccess(ServletSecurityManager.java:82)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2213)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2183)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1454)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
>

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms