My Oracle Support Banner

HTTP-403 Forbidden with WNA-enabled SSO; OC4J_SECURITY Log Shows 'KDC has no support for encryption type (14)' (Doc ID 356347.1)

Last updated on AUGUST 15, 2018

Applies to:

Oracle Application Server Single Sign-On - Version 9.0.4 to 10.1.2 [Release 10gR1 to 10gR2]
Information in this document applies to any platform.
***Checked for relevance on 01-JAN-2014***


Symptoms

SSO login enabled for Windows Native Authentication (WNA) is failing with HTTP-403 Forbidden error in the browser.

OC4J~OC4J_SECURITY~default_island~1 log shows error 'KDC has no support for encryption type (14)'.

e.g.

05/12/01 14:43:51 GSSException raised: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
05/12/01 14:43:51 GSSException: Failure unspecified at GSS-API level (Mechanism level: KDC has no support for encryption type (14))
05/12/01 14:43:51 at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:599)
05/12/01 14:43:51 at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:300)
05/12/01 14:43:51 at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:246)
05/12/01 14:43:51 at oracle.security.jazn.oc4j.KerberosAuthenticator.gssAuthenticate(Unknown Source)
05/12/01 14:43:51 at oracle.security.jazn.oc4j.KerberosAuthenticator.getAuthentication(Unknown Source)
05/12/01 14:43:51 at com.evermind.server.http.EvermindHttpServletRequest.getUserPrincipalInternal(EvermindHttpServletReqest.java:3620)
05/12/01 14:43:51 at com.evermind.server.http.HttpApplication.authenticate(HttpApplication.java:6042)
05/12/01 14:43:51 at com.evermind.server.http.HttpApplication.getRequestDispatcher(HttpApplication.java:2612)
05/12/01 14:43:51 at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:640)
05/12/01 14:43:51 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:208)
05/12/01 14:43:51 at com.evermind.server.http.AJPRequestHandler.run(AJPRequestHandler.java:125)
05/12/01 14:43:51 at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
05/12/01 14:43:51 at java.lang.Thread.run(Thread.java:536)



Changes

SSO has been enabled for Windows Native Authentication.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution

This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.