Log in failed in RTC Eclipse client using Kerberos/SPNEGO authentication type
Hi,
Recently we enabled SSO with Kerberos/SPNEGO on our CCM application, which works well using the web browser.
However, with any client like Eclipse or Visual Studio, when trying to change the authentication type to Kerberos/SPNEGO the following error appears:
Main error: CRJAZ6106E the client cannot log in into the following server because the Kerberos/SPNEGO ticket is not valid or has expired : <server name>
In the details section the error looks like: CRJAZ2901 the following URL could not be reached because your Kerberos/SPNEGO ticket is not valid or has expired : /ccm/server/com.ibm.team.repository.common.internal.IRepositoryRemoteService.
I followed the below document for enabling SSO in WebSphere (for Single Server SPNEGO Configuration):
I have not made any configuration on my client. Is there anything else I must do in order for the Eclipse client (or Visual Studio client) to also be able to use the Kerberos/SPNEGO authentication type?
Thanks in advance.
Lior
One answer
You should make changes to the clients to properly use Kerberos/SPNEGO SSO. The second link in the below document talks about various aspects of the client configuration.
https://jazz.net/help-dev/clm/topic/com.ibm.jazz.install.doc/topics/c_kerSso_config.html
Comments
Hi Nong,
Thanks, I was able to find the missing parts.
The first thing was to add 'user-agent^=Mozilla|Opera|spnego-enabled' to the SPNEGO web authentication section -> Filters section, for the relevant (KDC) host name.
The 2nd thing was to add the 'allowtgtsessionkey' type REG_DWORD parameter to the registry in both locations:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos
Once I did both things I was able to log in from both RTC Eclipse and VS clients.
Lior
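Added example, not part of the original posts: a PowerShell check for the registry step in the comment above, reporting whether `allowtgtsessionkey` exists as a REG_DWORD in both locations listed there, with an optional setter that supports `-WhatIf`. The function names and the value data of 1 are assumptions; the comment gives only the value name and type.

```powershell
# Added example: audit (and optionally set) 'allowtgtsessionkey' in the two
# registry locations named in the comment above.
# Assumption: value data 1 enables the setting; the comment states only name and type.

$KerberosKeys = @(
    'HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters',
    'HKLM:\System\CurrentControlSet\Control\Lsa\Kerberos'
)
$ValueName = 'allowtgtsessionkey'

# Hypothetical helper: returns one object per key with the observed state.
function Get-TgtSessionKeySetting {
    foreach ($key in $KerberosKeys) {
        $state = 'KeyMissing'
        $data  = $null
        if (Test-Path -LiteralPath $key) {
            $item = Get-Item -LiteralPath $key
            if ($item.GetValueNames() -contains $ValueName) {
                $data = $item.GetValue($ValueName)
                $kind = $item.GetValueKind($ValueName)
                # A value of the wrong type (for example REG_SZ "1") is reported separately.
                if ($kind -ne 'DWord') { $state = "WrongType($kind)" }
                elseif ($data -eq 1)   { $state = 'Enabled' }
                else                   { $state = 'Disabled' }
            } else {
                $state = 'ValueMissing'
            }
        }
        [pscustomobject]@{ Key = $key; State = $state; Data = $data }
    }
}

# Hypothetical helper: writes the value to both keys; needs an elevated session.
function Set-TgtSessionKeySetting {
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$Data = 1)
    foreach ($key in $KerberosKeys) {
        if ($PSCmdlet.ShouldProcess($key, "Set $ValueName = $Data (REG_DWORD)")) {
            if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -LiteralPath $key -Name $ValueName `
                -PropertyType DWord -Value $Data -Force | Out-Null
        }
    }
}

Get-TgtSessionKeySetting | Format-Table -AutoSize
# Set-TgtSessionKeySetting -WhatIf   # preview the change before applying it
```

Reading the keys works from a normal session, so the audit function can be run across client machines to see which ones carry the setting before or after a rollout.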