Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 12.0.3
    • Fix Version/s: 12.0.4
    • Component/s: authentication
    • Labels:
    • Sprint:
      AM Sustaining Sprint 25
    • Support Ticket IDs:

      Description

      Windows Desktop Single Sign On / Kerberos Authentication does not work with OpenAM 12.0.3. It provides this error in the debug logs:

      Kerberos token for xxx not trusted

      Steps to reproduce.

      1. Install OpenAm
      2. create realm (wdsso)
      3. set DataStore to AD Server
      4. Verify that you see your AD users in the Subjects Tab
      5. Configure WDSSO auth module
      6. set WDSSO as the auth module for ldapService
      7. Restart AM
      8. go to this URL:
      http://host1.example.com:3838/openam/XUI/#login/wdsso

      AM Authentication debug logs will show:

      Kerberos token for Administrator@WINDOWS.EXAMPLE.COM not trusted

      (my Desktop that I'm signed into is in the WINDOWS.EXAMPLE.COM domain and I'm signed in as "Administrator")

      Received same error when installing 12.0.1 and verifying the wdsso/kerberos authentication works, and then upgrading to 12.0.3. After upgrade the AM Server says the Kerberos Token is not trusted.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                sachiko Sachiko Wallace
                Reporter:
                david.bate David Bate
                QA Assignee:
                Filip Kubáň [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: