Kerberos Fails With Error: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled

(Doc ID 1574596.1)

Last updated on MARCH 21, 2017

Applies to:

Oracle WebCenter Content - Version 11.1.1.4.0 and later
Information in this document applies to any platform.

Symptoms

The Webcenter Content server domain is configured for WNA, Windows Integrated Authentication utilizing Kerberos.

When a user accesses the WCC page and clicks the Login button, the user is redirected to login page.

In the WCC Managed Server log file the following exception is generated:

####<Jul 19, 2013 12:06:09 PM EDT> <Debug> <SecurityAtn> <IOTECMD06VW> <UCM_server1> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <bba989db63bfb650:5c9e38ed:13ff7ac4244:-8000-0000000000000020> <1374249969167> <BEA-000000> <acceptGssInitContextToken failed

com.bea.security.utils.kerberos.KerberosException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
at com.bea.security.utils.kerberos.KerberosTokenHandler.acceptGssInitContextTokenInDoAs(KerberosTokenHandler.java:334)


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms