OBIEE, SSO and serverVariable

Hello
When you configure SSO for OBIEE, we have the choice between Httpentete, cookie and serverVariable for the source the user name to authenticate.

I did find much documentation on this subject so I ask here:

-ServerVariable correspond to variables in POST or GET?

I ask because I have an application located on server A, and from there I want to redirect and connect the user to OBIEE (located on server B).
Problem is that I can't create a cookie that contains the user name in a server because it is on a different server, and the same goes for my Httpentete who is ignored because it is from another server.

My last solution seems the OBIEE server with GET or POST parameters to pass the variable. Is it possible? Thank you

If this isn't the case, don't you know that I might be able to solve my problem?
Thank you

ServerVariable corresponds to set POST or GET variables?

None of the two. Variable Server means that it is a variable in memory on the Web application server, so you can really set it up via PST or GET unless you deploy a Web Application that let's do you it.

I ask because I have an application located on server A, and from there I want to redirect and connect the user to OBIEE (located on server B).
Problem is that I can't create a cookie that contains the user name in a server because it is on a different server, and the same goes for my Httpentete who > get ignored because it is from another server.

Not correct. Cookies and HTTP headers can be sent between different servers, the restriction is between servers in different domains. This means that if site1.domain.com sets a cookie and you go to site2.domain.com then your browser it will pass with happiness. Therefore, what you need is in the server names fully qualified in the field of your company (server1.company.com or server2.company.local, etc.). If you do not use areas in your business you "fudge" the areas in your file hosts like this (replacing IP addresses with the correct IP addresses):

127.0.0.1 server1.test.com
127.0.0.1 server2.test.com

Then you can navigate to server1.test.com and server2.test.com your browser will think they are part of the same domain and he will share cookies between them.

Tags: Business Intelligence

Similar Questions

OBIEE SSO with permission
Hi gurus,

(1) I have configured instance SSO with windows Active Directory and OBIEE.

(2) I also have another instance (without configured SSO) with table external authentication (verification of name and password of the user) and authorization (groups, that populate the session for the filtering of data variables).

Now my question is, I want a combination of scenario 1 and scenario 2. I want OBIEE SSO with Active directory

and the groups in the external table.

The reason being, my groups are custom in the outer table groups, I do not want to keep users in the repository.

can you please give me some pointers if the scenario is possible. Thanks in advance

Thanks and greetings
Satya
Now my question is, I want a combination of scenario 1 and scenario 2. I want OBIEE SSO with Active directory and the groups in the external table.

I don't have what is your question? Just do SSO with AD, and then load the groups in the GROUP through SQL init block. What is your real problem?

To filter the report data, you must have the same structure of Group at Web cat I guess (correct me if I'm wrong).

Yes, even if you do not need to use the same workgroup name. Is MNI names I'd rather have completely separate groups, some for safety to the RPD for Web security catalog. As long as the groups exist in the appropriate location (RPD or Web catalog) and they are assigned in the block GROUP init then OBIEE will be happy, they do not need to exist in both places.

(2) No SSO will fill the Remote_User variable rather than the default USER variable.

No, you say OBIEE where to put the REMOTE_USER value. "You can simply select ': USER"FROM DUAL or if you have your users defined in a table, you can also authenticate the user exist in this table, SELECT": 'FROM USER_TABLE WHERE USER_ID =' USER: USER" which adds another layer of authentication to your SSO solution.

VCenter Mgmt and calculation with single SSO and related modes?

I am a great vCAC environment design and want to separate not only Mgmt/Compute clusters, but also of the vCenters. I want to be able to manage these inLinkedMode vCenter. My plan is to have 2 vCenter VM and VM Web/asingleSSO. When you install the two vCenters, I've just direct them to the server shared Web SSO, and then enableLinkedMode?
Will this work? Something else I'm missing? AsingleWeb server instance will be able to manage multiple vCenters?
Thank you
-MattG

Hello, MattG.

Yes, you can use 1 SS and 1 service WebClient for "single-pane-of-view" for 2 vCenters, I did the same thing recently, and you need not related modes. Just point your SSO and Web when installing two vCenters. But in this case, you can manage both of them single point in the Web Client, no thick vSphere client. If you need to manage two of them only heavy customer too, then you should make the related modes, but in this case as far as I know, you must also install multi-site SSO, not simple SSO node. I use the first schema.

Sorry for my bad English.

do not start to vCenter / problem with sso and ad

Hello
My vcenter will not start. in the error logs, I found the following errors...
I changed the server vcenter 5.1 to 5.1 and I insert the vcenter to my Active directroy. I uninstalled sso and installed again the backup file leave 5.1.
After the updates, I used vmware article because I changed the ad domain:
http://KB.VMware.com/selfservice/microsites/search.do?language=en_US & cmd = displayKC & externalId = 2036170
but now it does not start. How can I manually set the uri of the admin? I think it will be the problem:
2012 11-22 T 14: 53:06.575 + 01:00 [04720 info "authvpxdMoSessionManager"] [OSP] [SessionManagerMo::Init] Admin URI the value:
2012 11-22 T 14: 53:06.575 + 01:00 [04720 info "authvpxdMoSessionManager"] certificates [OSP] [SessionManagerMo::Init] download m root...
2012 11-22 T 14: 53:08.576 + 01:00 [error 01808 "HttpConnectionPool-000001' '] [ConnectComplete] connection failed for < cs p:000000000a1c48c0, TCP::80 >;
CNX: (null), error: class Vmacore::SystemException (konnte keine connection available werden, die Zielcomputer der da verweigerte connection.)
2012 11-22 T 14: 53:08.655 + 01:00 [error 04720 "[OSP] [SsoCertificateManagerImpl]"] [CreateAdminSsoServiceContent] failure when attempting
to connect to the SSO Admin Server: konnte keine connection available werden, die Zielcomputer der da verweigerte connection. . Retrying in 10 seconds.
2012 11-22 T 14: 53:16.332 + 01:00 [02512 WARNING opID "VpxProfiler" SWI-6f09bdcf =] VpxUtil_InvokeWithOpId [TotalTime] took ms 12030
2012 11-22 T 14: 53:19.073 + 01:00 [02212 info "Default"] detached thread
Greetings,
Markus

It seems that the computer refuses the connection (connection refused so loosely translated from German).

No firewall between the machines?

Maybe try to reorient and re-register vCenter? http://KB.VMware.com/selfservice/documentLinkInt.do?micrositeID=&popup=true&LanguageID=&externalID=2033620

SSO and to handle user with forms using Oracle db roles/privileges
By train from Oracle Application Server SSO with our application Forms application we are customized using the 10.2.0.1.0 Oracle database all version.

In our Applications forms, we have everything a dozen roles that we have assigned to different users. We need identify each user using our forms because we are using the GLOBAL USER throughout the application.

Issues related to the:
-Must create users/passwords in the OID and database application?
-Is it possible to easily manage users and passwords between SSO and forms App/database in one place? For example, how a user change their password once, but actually change in the database and the SSO?

Advice or direction would be greatly appreciated.

Thank you

Mika

Edited by: user11846198, 1 Sep 2009 13:41

Edited by: user11846198, 1 Sep 2009 13:53
Yes, you can have a global role in the Pb and assign to specific users from OID and the heritage of will this role privileges, you can do it by using Oracle Identity Management Web Tool http://hostname:7777 / oiddas is not complicated.

Greetings.

What is SSO and how set in obiee 11g?
Thank you
Check these
http://docs.Oracle.com/CD/E14571_01/bi.1111/e10543/SSO.htm
http://www.addidici.com/blog/?p=8
http://www.Oracle.com/technetwork/articles/IDM/WebLogic-SSO-Kerberos-1619890.html

Mark correct/good

Equivalent OBIEE TO_DATE and SUBSTR functions

I have the formula for the next column, which works correctly:
SUM (CASE WHEN (TimeStampDiff (SQL_TSI_month, "Registration - College". "" Effective colleges F. ((("' Program Start Date ', current_date)) / 12 < 6 THEN 1 ELSE 0 END)

I want to replace the current_date with scope of practice. Because the scope of practice is currently not in a date format (e.g. 201213, 201314, 201415), I need to use the TO_DATE and SUBSTR functions OBIEE equivalent to convert this field into a format that can be used by the TimeStampDiff function.
The current (outside OBIEE) SQL for the conversion of the year at a date looks like this:
To_date (substr (Fiscal_Year, 1, 4) |) '09', "YYYYMM")

I tried to replace current_date in the column formula above by the following, but it didn't work:
To this day (Substring ("registration - College". "D time". " "Exercise" FROM 1 to 4) | '09', "YYYYMM")

TO_DATETIME (LEFT ("registration - College". "D time". " ("' Exercise ', 4) | ("/ 09/01 ', ' yyyy/mm/dd')

Good course assuming that "registration - College". "D time". " "' Exercise ' is of type varchar, otherwise you will first need to cast as varchar or LEFT won't like it (but the error will tell you what the problem is exactly).

SSO and vulnerabilities

I have a few accounts with full privileges to do anything in SSO SSO. However, only [email protected] has all permissions in vCenter Server. Do accounts that have full privileges SSO, but not given any privilege in vCenter, represent a vulnerability to vCenter if compromised, or just for SSO?

If you have an account with full privileges in SSO so even if they do not have permissions on vCenter they might jeopardize the account [email protected] (change password, for example) and get full access.

Mike

Questions of SSO and vCO

Hello
I am trying to put in place a new vCO device and try to use SSO authentication. When I type in the invalid credentials and try to record, I get error messages stating that the credentials are not valid. When I type with the appropriate credentials, a weird error message appears, exactly how it is reflected in my image as an attachment. This account can log in to vCenter and has administrator rights. What could be the problem?
Thanks in advance.
Edit: I'm not sure if this helps, but I'm sticking which is added in the log when I try to register SSO. It seems to give the same error, even in the case of a bad name for username/password, but the error message on the authentication page clearly shows that he can make the difference...
2014-07-03 23:33:50.716 + 0000 [vcoSystemTaskScheduler-1] INFO {} [PurgeSessionAdaptor] Started verification of 0 sessions against the authentication provider.
2014-07-03 23:33:50.716 + 0000 [vcoSystemTaskScheduler-1] INFO {} [PurgeSessionAdaptor] checked 0 unique sessions in 0ms.
2014-07-03 23:53:50.716 + 0000 [vcoSystemTaskScheduler-2] INFO {} [PurgeSessionAdaptor] Started verification of 0 sessions against the authentication provider.
2014-07-03 23:53:50.717 + 0000 [vcoSystemTaskScheduler-2] INFO {} [PurgeSessionAdaptor] checked 0 unique sessions in 0ms.
00:13:50.717 2014-07-04 + 0000 [vcoSystemTaskScheduler-1] INFO {} [PurgeSessionAdaptor] Started verification of 0 sessions against the authentication provider.
00:13:50.717 2014-07-04 + 0000 [vcoSystemTaskScheduler-1] INFO {} [PurgeSessionAdaptor] checked 0 unique sessions in 0ms.

You must create a user on the Web Client SSO administrator. You cannot use a domain account, this user must be a SINGLE sign-on user that allows you to create a unique user Orchestrator

DR/BC Site, SRM, SSO and AD authentication.

You don't know where to put this so feel free to move.
I'm in the midsts of test DR/BC at this time with machines reproducing SRM until our BC site. We have improved at 5.1.1a all levels and since arriving in SSO, we had our fair share of issues. Some we have solved but a particularly important is not being able to authenticate with our domain controller off site on the site of BC when pull us the plug on the metro line.
I can connect to the outside VC via the Web Client using normal references of our main site absolutely perfect, but when I change the LDAP authentication on the off-site DC via the SSO configuration as admin@system-domain page then I can not connect. I get "authentication failed".

I also noticed I 'could not initialize at startup services' and a message informing me about the installation of a vCenter Server system when I login. I am not convinced THAT SSO is configured correctly, even if we have reinstalled three times now.

It's obviously an obstacle we have to overcome because if we cannot connect when pull us the plug between the sites to simulate a situation of DR/BC, then we cannot recover virtual machines.

Massive failure.

Problem solved.

Reinstalled one last time and this time a single site configuration. Rebooted everything, including the off-site DC and paid special attention to the Source of identity by using the editor attribute in ADUC to retrieve the DN for users and groups. I also changed the type of authentication to require a username and password and all went fine.

DR is to go.

vCenter for lack of SSO and no. log in the same root not

Hi guys
A journal of issues was announced today and I tried with my AD credentials to log my vCenter device 5.1 (build 880146). No go.
Tried with root credentials. I couldn't either.
So lucky me I found a loged in as Web client session yesterday I'm gone my SSO config I showed me this
then I went to vCenter Web Config and tried to restart the server and still the same issue
So at this moment I don't really know what has failed if was SSO or vCenter Server Service... so any idea that to find the cause?
-updated
Hey guys I found this/storage/sore we full-no idea how to avoid this problem?
Size of filesystem used Avail use % mounted on
/ dev/sda3 9.8 G G 4.2 5.1 G 46%.
udev 4.0 G 104 K 4.0 G 1% / dev
tmpfs G 4,0 4,0 G 0 0% / dev/shm
/ dev/sda1 128M 21 M 101M 17% / Boot
/ dev/sdb1 20G 20G 100% 0/storage/core
/ dev/sdb2 20G 3.2 G 16G 17% / storage/log
/ dev/sdb3 it 20G 15 G 4.4 G 77% / storage/db
Thank you very much

the kernel contains the dump files... If you don't need those... Delete them... you can also take a look at this thread to have a store NFS to store the unannounced dumps core.

http://communities.VMware.com/thread/403107?start=0&TSTART=0

Concerning

Girish

Silent installation and scripted of SSO and vCenter 5.1

Hello

I'm looking to do a silent installation and SSO scripted and vCenter.

The following worked for v5.0...

«"Start/wait d:\vCenter-Server\vmware-vcserver.exe/q/s/w/L1033 /v" /qn DB_SERVER_TYPE custom = DB_DSN =------DB_PASSWORD = ' vc\'-'XXXXXXX\' DB_USERNAME =------'sa\' VPX_USES_SYSTEM_ACCOUNT = 1/l * v \"c:\vcinstall.log\»»

... but does not work by 5.1 and I can't find any documentation.

Any help is appreciated as always.

Thank you, Andy.

Hi Andy,.

As Boloo said, there are some underlying the rules for vCenter 5.1 that did not exist for 5.0, which means that some additional settings are required for an installation script.

Here are some examples for you which I use when redeploy my lab (note that B:\VIM_51 is my media extracted folder):

Installation of SSO

start/wait B:\VIM_51\"Single Sign On"\VMware-SSO-Server.exe/L1033 /v"/ QR MASTER_PASSWORD = VMware1! CONFIRM_MASTER_PASSWORD = VMware1! CONFIG_TYPE = configuration SETUP_TYPE = basic SSO_DB_SERVER_TYPE =-"Custom\" JDBC_DBTYPE = Mssql JDBC_DBNAME = RSA JDBC_HOSTNAME_OR_IP = DC JDBC_HOST_PORT = 1433 JDBC_USERNAME = RSA_USER JDBC_PASSWORD = VMware1! SKIP_DB_USER_CREATION = 1 DBA_JDBC_USERNAME = RSA_DBA DBA_JDBC_PASSWORD = VMware1! COMPUTER_FQDN = VC. Lab.local IS_SSPI_NETWORK_SERVICE_ACCOUNT = 1 SSO_HTTPS_PORT = 7444 "

Installation of the Web Client

Start/wait B:\VIM_51\vSphere-WebClient\VMware-WebClient.exe/L1033 /v"HTTP_PORT HTTPS_PORT 9090 9443 SSO_ADMIN_USER=admin@System-Domain SSO_ADMIN_PASSWORD = = = VMware1! "LS_URL = https://vc.lab.local:7444 / lookupservice/sdk/QR".

Installation of the inventory

start/wait B:\VIM_51\"Inventory Service"\VMware-inventory-service.exe/L1033 /v"HTTPS_PORT = XDB_PORT = FEDERATION_PORT = QUERY_SERVICE_NUKE_DATABASE = 1 TOMCAT_MAX_MEMORY_OPTION 10111 10109 10443 = S SSO_ADMIN_USER=admin@System-Domain SSO_ADMIN_PASSWORD = VMware1! "LS_URL = https://vc.lab.local:7444 / lookupservice/sdk/QR".

vCenter installed (at least)

Start/wait B:\VIM_51\vCenter-Server\VMware-vcserver.exe/L1033 /v"/ QR DB_SERVER_TYPE = Custom DB_DSN = vCenterDB DB_USERNAME = vpx DB_PASSWORD = VMware1! FORMAT_DB = 1 JVM_MEMORY_OPTION = SSO_ADMIN_USER=admin@System-Domain SSO_ADMIN_PASSWORD = VMware1 S! LS_URL =https://vc.lab.local:7444/lookupservice/sdk IS_URL =https://vc.lab.local:10443 VC_ADMIN_USER=vi-admin@lab VC_ADMIN_IS_GROUP_VPXD_TXT = 0 VPX_USES_SYSTEM_ACCOUNT = 1 VCS_GROUP_TYPE = VCS_ADAM_LDAP_PORT unique = 389 VCS_ADAM_SSL_PORT = 636 VCS_HTTPS_PORT = 443 VCS_HTTP_PORT = 80 TC_HTTP_PORT = 8080 TC_HTTPS_PORT = VCS_WSCNS_PORT = VCS_HEARTBEAT_PORT = 902 "60099 8443

vSphere Client Installation

"Start/wait B:\VIM_51\vSphere-Client\VMware-viclient.exe/q/s/w/L1033 /v" / QR ".

VUM Plugin

"Start/wait B:\VIM_51\updateManager\VMware-UMClient.exe/q/s/w/L1033 /v" / QR ".

Install the Update Manager

Start/wait B:\VIM_51\updateManager\VMware-UpdateManager.exe/L1033 /v"/ QR VMUM_SERVER_SELECT = vc.lab.local VC_SERVER_IP = vc.lab.local VC_SERVER_ADMIN_USER =-'lab\vi-admin\' VC_SERVER_ADMIN_PASSWORD = VMware1! VCI_DB_SERVER_TYPE = Custom VCI_FORMAT_DB = 1 DB_DSN = DB_USERNAME VUM = vpx DB_PASSWORD = VMware1! »

Hope that helps, shout if you have any questions.

vCenter Server 5.1, SSO and Service of the inventory on a single server?

It is said in articles vmware all 3 roles can be installed for small deployments on a server with enough hardware requirements (2 hearts and 10 GB of RAM and hard drive 100 GB recommended).
Question is what is considered to be low?
Can I install all 3 roles on a server for lets say 14 guests and about 200 virtual machines?
If I have 3 vCenter servers I'd better install all 3 roles on each of the 3 servers. or have a SSO or SSO HA for all vCenter servers?
The problem is that we want to separate the vCenter by area.
A big thank you!

Yes, you can install all 3 roles on onse Server. We installed it on a virtual machine with 8 GB of RAM, 100 GB HD and 4 CPU.

For the decision on wheter to install all 3 roles on 3 vCenter servers, I recommend you to read the next page.

http://KB.VMware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalID=2032135

If I should make the decision, I separate completely all 3 areas and thus install 3 with 3 roles vCenter servers. But this does not mean you have to do the same thing.

Upgrade OBIEE RPD and catalog

Hi guys,.
We have 2 servers of OBIEE Server a (v11.1.1.6.x) and Server B (v11.1.1.7.x)
All developments to date had been made on a server and on the Bill of lading, we want to pass to the server B.
Please let me know the process for the same thing.
As far as my knowledge goes RPD A server version is 318 and the server B 325. Then, how to place the RPD to use it with Server B?
Thank you
Hitesh

Hi all

Thanks for the suggestions...

Please find below the suggestion that helped me and that I was looking for...

Take your SPR of A of machine and tool of administration on computer B and open your RPD. Once opened, save it to the desktop on your computer. Now you'll V325 RPD. Deploy this RPD to Server B.

For the catalog, simply move your catalog to the Machine B and restart all services...

Once that is done, go in the Administration tab in the presentation services and do analyse and update catalog objects... Which will improve your reports to 11.1.1.7.

Problem with OBIEE/WLS and MS AD Single Sign-On configuration
Hi all

My apologies if this should be posted in the general forum of WebLogic security rather than here, but given that the Oracle support doc called "+ Oracle BI 11 g and Weblogic for Single Sign-On configuration... + ' I thought I would try this first forum.

We lack OBIEE 11.1.1.6.5 on WLS 10.3.5.0 on Windows 2007 server.
Active Directory (2008) is running on Windows 2008 R2 Standard edition.

I followed the support document ID 1274953.1 mentioned above and have managed to get the AD authentication works between the OBIEE/WLS server and the MS AD server.
In other words; We are able to manually restart the BI Analytics with our AD username.

Now, when you try to configure Single Sign On, I'v reached the point where I'm just checking the configuration of Kerberos (page 19-20).

This defective with the following result:
```
C:\Oracle\..\middleware\user_projects\domains\ourdomain>java.exe -Dsun.security.krb5.debug=true sun.security.krb5.internal.tools.Kinit -k -t keytab [email protected]
KinitOptions cache name is C:\Users\oracleservice\krb5cc_oracleservice
Principal is [email protected]
Kinit using keytab

Kinit keytab file name: keytab

KeyTabInputStream, readName(): OURDOMAIN.LOCAL

KeyTabInputStream, readName(): wlsuser

KeyTab: load() entry length: 44; type: 3

KeyTabInputStream, readName(): OURDOMAIN.LOCAL

KeyTabInputStream, readName(): wlsuser

KeyTab: load() entry length: 44; type: 1

KeyTabInputStream, readName(): OURDOMAIN.LOCAL

KeyTabInputStream, readName(): wlsuser

KeyTab: load() entry length: 52; type: 23

KeyTabInputStream, readName(): OURDOMAIN.LOCAL

KeyTabInputStream, readName(): wlsuser

KeyTab: load() entry length: 60; type: 16

KeyTabInputStream, readName(): OURDOMAIN.LOCAL

KeyTabInputStream, readName(): wlsuser

KeyTab: load() entry length: 52; type: 17Added key: 17version: 5
Added key: 16version: 5
Added key: 23version: 5
Added key: 1version: 6
Added key: 3version: 5
Ordering keys wrt default_tkt_enctypes list
Config name: C:\Windows\krb5.ini
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17
Kinit realm name is OURDOMAIN.LOCAL

Creating KrbAsReq

KrbKdcReq local adresses for WLSSERVER are:
     WLSSERVER/10.0.0.2
IPv4 address

     WLSSERVER/0:0:0:0:0:0:0:1
IPv6 address
KdcAccessibility: resetUsing builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17
KrbAsReq calling createMessage

KrbAsReq in createMessage

Kinit: sending as_req to realm OURDOMAIN.LOCALException: krb_error 0 Cannot get kdc for realm OURDOMAIN.LOCAL No error
KrbException: Cannot get kdc for realm OURDOMAIN.LOCAL
     at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:196)
     at sun.security.krb5.KrbKdcReq.send(KrbKdcReq.java:175)
     at sun.security.krb5.internal.tools.Kinit.sendASRequest(Kinit.java:298)
     at sun.security.krb5.internal.tools.Kinit.<init>(Kinit.java:237)
     at sun.security.krb5.internal.tools.Kinit.main(Kinit.java:107)
```
Our krb5.ini looks like this:
```
[libdefaults]
default_realm = OURDOMAIN.LOCAL
ticket_lifetime = 600

[realms]
OURDOMAIN.LOCAL = {
kdc = 10.0.0.1
admin_server = adserver.ourdomain.local
default_domain = OURDOMAIN.LOCAL
}

[domain_realm]
.ourdomain.local = OURDOMAIN.LOCAL

[appdefaults]
autologin = true
forward = true
forwardable = true
encrypt = true
```
The test above is done with a keytab file generated on the WLS server according to the documents.
I also tried using "ktpass' on the ad server to generate a keytab file there, and then placing a keytab on the WLS server file.
It doesn't work with ' Exception: krb_error 0, no key found in keytab support. "

I am able to run a ping between servers and have checked that there is no firewall running on one of the servers (they have virtual servers in a closed network). If the AD server should be able to receive TCP/UDP traffic on port 88 Kerberos.

I'm kinda stuck here, and I can't see that we have different document Metalink support in our configuration.
All good tips and advice on how to solve this problem would be appreciated.

Kind regards
-Haakon-
Hello

There is an error in the krb5.ini or krb5.conf:

> kinit HTTP/ukpsrv016.bah.com
Password HTTP / [email protected]:welcome1
Exception: krb_error 0 cannot get kdc for Kingdom BAH.COM errors
KrbException: Failed to get kdc for BAH.COM domain
at sun.security.krb5.KrbKdcReq.send (unknown Source)
at sun.security.krb5.KrbKdcReq.send (unknown Source)
at sun.security.krb5.KrbAsReq.send (unknown Source)
to sun.security.krb5.internal.tools.Kinit. (Unknown source)
at sun.security.krb5.internal.tools.Kinit.main (unknown Source)

-Check the krb5.ini (Windows) or krb5.conf (Linux, Unix) syntax errors.
-L' example above was due to lack of space on each side of the '='.
-Search for missing parameters, lack of spaces, uppercase or lowercase differences
misspellings, missing or unbalanced parentheses.

Refer to:
http://docs.Oracle.com/javase/1.5.0/docs/Guide/Security/jgss/tutorials/KerberosReq.html#SetProps

Also if this force solves the issue, could you let us know how you created the keytabs, and also orders setspn (with the user account as an administrator in AD WLS account). ?

I hope this helps. Pls mark if he does.

Thank you
SVS

OBIEE, SSO and serverVariable

Similar Questions

Maybe you are looking for