My Oracle Support Banner

Oracle Access Manager 11g (OAM 11.1.2.3) WNA - Multiforest Multidomain Fails with GSSException: Failure Unspecified at GSS-API level (Mechanism level: Checksum Failed) (Doc ID 2230377.1)

Last updated on SEPTEMBER 14, 2018

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Access Manager 11g (OAM 11.1.2.3) WNA - Multi-forest Multi-domain Fails with GSSException: Failure Unspecified at GSS-API level (Mechanism level: Checksum Failed)

OAM 11.1.2.3.0 WNA  Multi Domain Multi Forest Setup fails with exception as below -

  

3. kinit is used to verify kerberos authentication and can sign into the application using domain 1, but when attempting to use second domain, it fails with the message "An incorrect Username or Password was specified".

4. Domain 1 and domain 2 user accounts exist in the backend OID and both service principal accounts are synced in OID through the DIP provisioning tool from each AD.

5. None of the accounts are locked/disabled and authentication with domain 2 is successful when using OID directly, just not through WNA.

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.