Windows Desktop Single Sign On / Kerberos Authentication does not work with OpenAM 12.0.3. It provides this error in the debug logs:
Kerberos token for xxx not trusted
Steps to reproduce.
1. Install OpenAm
2. create realm (wdsso)
3. set DataStore to AD Server
4. Verify that you see your AD users in the Subjects Tab
5. Configure WDSSO auth module
6. set WDSSO as the auth module for ldapService
7. Restart AM
8. go to this URL:
AM Authentication debug logs will show:
Kerberos token for Administrator@WINDOWS.EXAMPLE.COM not trusted
(my Desktop that I'm signed into is in the WINDOWS.EXAMPLE.COM domain and I'm signed in as "Administrator")
Received same error when installing 12.0.1 and verifying the wdsso/kerberos authentication works, and then upgrading to 12.0.3. After upgrade the AM Server says the Kerberos Token is not trusted.