HTTP-500 Internal Server Error: WNA Enabled SSO Login Fails

(Doc ID 368228.1)

Last updated on MARCH 08, 2017

Applies to:

Oracle Application Server Single Sign-On - Version 10.1.2 to 10.1.4 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.
***Checked for relevance on 15-MAY-2016***

Symptoms

After configuring Oracle Single Sign-On (SSO) for Windows Native Authentication (WNA), SSO login fails with error HTTP-500 Internal Server Error.

The OC4J_SECURITY log with JAZN debug logging enabled shows that SSO Kerberos initalization fails on SSO startup:

06/03/30 11:06:26 Getting creds for HTTP/sso.oracle.com@ORACLE.COM...
06/03/30 11:06:26 Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null KeyTab is sso.keytab refreshKrb5Config is false principal is HTTP/sso.oracle.com tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Key for the principal HTTP/sso.oracle.com@ORACLE.COM not available in sso.keytab
06/03/30 11:06:24 [Krb5LoginModule] authentication failed
Unable to obtain password from user

06/03/30 11:06:24 KerberosAuthenticator: GSSException raised in constructor - No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
06/03/30 11:06:24 GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
....

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms