Oracle Access Manager 11g (OAM 11.1.2.3) WNA - Multiforest Multidomain Fails with GSSException: Failure Unspecified at GSS-API level (Mechanism level: Checksum Failed) (Doc ID 2230377.1)

Last updated on FEBRUARY 11, 2017

Applies to:

Oracle Access Manager - Version 11.1.2.3.0 and later
Information in this document applies to any platform.

Symptoms

Oracle Access Manager 11g (OAM 11.1.2.3) WNA - Multi-forest Multi-domain Fails with GSSException: Failure Unspecified at GSS-API level (Mechanism level: Checksum Failed)

OAM 11.1.2.3.0 WNA  Multi Domain Multi Forest Setup fails with exception as below -

  

3. kinit is used to verify kerberos authentication and can sign into the application using domain 1, but when attempting to use second domain, it fails with the message "An incorrect Username or Password was specified".

4. Domain 1 and domain 2 user accounts exist in the backend OID and both service principal accounts are synced in OID through the DIP provisioning tool from each AD.

5. None of the accounts are locked/disabled and authentication with domain 2 is successful when using OID directly, just not through WNA.

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms