Hello Community Members,
Looking for help on getting the Single Sign On working for Maximo 7613 on WebSphere with Microsoft AD. I have followed the Part 3: Single Sign On (SSO) configuration that uses SPNEGO steps from the below link.
https://www.ibm.com/support/pages/how-configure-single-sign-sso-authentication-ibm%C2%AE-maximo%C2%AE-76x
I already have the LDAP authentication working in this environment but when I try to enable the SPNEGO web authentication I get the below error on Websphere screen
org.ietf.jgss.GSSException, major code: 13, minor code: 0 major string: Invalid credentials minor string: Cannot get credential from JAAS Subject for principal: HTTP/cgysandmax01.taqanorth.local@TAQANORTH.LOCAL
In the Deployment Manager logs i get the below error.
javax.security.auth.login.FailedLoginException: Cannot retrieve key from keytab HTTP/cgysandmax01.taqanorth.local@TAQANORTH.LOCAL
[1/2/24 13:53:32:452 MST] 000000dd SystemErr R at com.ibm.security.jgss.i18n.I18NException.throwFailedLoginException(Unknown Source)
[1/2/24 13:53:32:452 MST] 000000dd SystemErr R at com.ibm.security.auth.module.Krb5LoginModule.a(Unknown Source)
I have tried generating the keytab file using both the below commands but that has not helped.
ktpass -princ HTTP/cgysandmax01.taqanorth.local@TAQANORTH.LOCAL -ptype KRB5_NT_PRINCIPAL -mapUser svc-maximosso -mapOp set -pass PASSWORD -out cgysandmax01v2.keytab -crypto AES256-SHA1 +DumpSalt -kvno 0
ktpass -out cgysandmax01.keytab -princ HTTP/cgysandmax01.taqanorth.local@TAQANORTH.LOCAL -mapuser svc-maximosso -pass PASSWORD -ptype KRB5_NT_PRINCIPAL
I have used the below command to generate the KRB configuration file.
$AdminTask createKrbConfigFile {-krbPath /apps/IBM/WebSphere/AppServer/profiles/ctgAppSrv01/etc/cgysandmax01krb5.conf -realm TAQANORTH.LOCAL -kdcHost CGYPRDAD01.TAQANORTH.LOCAL -dns TAQANORTH.LOCAL -keytabPath /apps/IBM/WebSphere/AppServer/profiles/ctgAppSrv01/etc/cgysandmax01.keytab}
Appreciate your help!
Regards
Gagan Deep Bansal