HTTP-403 Forbidden with WNA-enabled SSO; OC4J_SECURITY Log Shows 'KDC has no support for encryption type (14)'

(Doc ID 356347.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Application Server Single Sign-On - Version 9.0.4 to 10.1.2 [Release 10gR1 to 10gR2]
Information in this document applies to any platform.
***Checked for relevance on 01-JAN-2014***


Symptoms

SSO login enabled for Windows Native Authentication (WNA) is failing with HTTP-403 Forbidden error in the browser.

OC4J~OC4J_SECURITY~default_island~1 log shows error 'KDC has no support for encryption type (14)'.

e.g.

05/12/01 14:43:51 GSSException raised: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
05/12/01 14:43:51 GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
05/12/01 14:43:51 at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:599)
05/12/01 14:43:51 at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
05/12/01 14:43:51 at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
05/12/01 14:43:51 at oracle.security.jazn.oc4j.KerberosAuthenticator.gssAuthenticate(Unknown Source)
05/12/01 14:43:51 at oracle.security.jazn.oc4j.KerberosAuthenticator.getAuthentication(Unknown Source)
05/12/01 14:43:51 at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipalInternal(EvermindHttpServletReqest.java:3620)
05/12/01 14:43:51 at com.evermind.server.http.HttpApplication.authenticate(HttpApplication.java:6042)
05/12/01 14:43:51 at com.evermind.server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:2612)
05/12/01 14:43:51 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:640)
05/12/01 14:43:51 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:208)
05/12/01 14:43:51 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:125)
05/12/01 14:43:51 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
05/12/01 14:43:51 at java.lang.Thread.run(Thread.java:536)



Changes

SSO has been enabled for Windows Native Authentication.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms