My Oracle Support Banner

WNA JAZN Kerberos Initialization Fails with Error "No Valid Credentials Provided" but KINIT Works (Doc ID 397203.1)

Last updated on MARCH 01, 2023

Applies to:

Oracle Application Server Single Sign-On - Version 10.1.2.0.2 to 10.1.4.3 [Release 10gR2 to 10gR3]
Information in this document applies to any platform.

Symptoms

  • Accessing any SSO protected application after enabling WNA fails with error HTTP 500
  • The file $ORACLE_HOME/opmn/logs/OC4J~OC4J_SECURITY~default_island~1 shows after enabling JAZN debugging [described in the troubleshooting section of article 264666.1] that a lower case Active Domain is used, for example: principal is HTTP/<SSO_SERVERNAME>@<ACTIVE_DIRECTORY_DOMAIN>
  • kinit HTTP/<SSO_SERVERNAME> is successful
  • krb5.conf/krb5.ini contains the Active Directory Domain in upper case
  • klist -k -e -K -t <PATH>/<KEYTAB_FILE_NAME> shows also an upper case AD domain

Changes

Configuration of Windows Native Authentication ( WNA )

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.