It's all about the answers!

Ask a question

Log in failed in RTC Eclipse client using Kerberos/SPNEGO authentication type

Lior Peled (17114) | asked Mar 18 '18, 10:40 a.m.


recently we enabled SSO with Kerberos/SPNEGO on our CCM application which works well using the web browser.
however with any client like eclipse or visual studio when trying to change the authentication type to Kerberos/SPNEGO the following error appears:
main error : CRJAZ6106E the client cannot log in into the following server because the Kerberos/SPNEGO ticket is not valid or has expired : <server name>
in the details section the error looks like : CRJAZ2901 the following URL could not be reached because your Kerberos/SPNEGO ticket is not valid or has expired : /ccm/server/

I followed the below document for enabling SSO in WebShpere  (for Single Server SPNEGO Configuration) :

I have not made any configuration on my client,Is there anything else I must to do in order for the Eclipse client (or visual studio client) to also be able to use Kerberos/SPNEGO authentication type?

thanks in advanced.


One answer

permanent link
Donald Nong (14.5k314) | answered Mar 18 '18, 7:32 p.m.

You should make changes to the clients to properly use Kerberos/SPNEGO SSO. The second link in the below document talks about various aspects of the client configuration.

Lior Peled commented Mar 20 '18, 5:43 a.m.

Hi Nong,

thanks, I was able to find the missing parts.
the first thing was to add 'user-agent^=Mozilla|Opera|spnego-enabled' to the SPNEGO web authentication section ->Filters section, for the relevant (KDC) host name.
the 2nd thing was to add the 'allowtgtsessionkey' type REG_DWORD parameter to the registry in both locations:

once I did both things I was able to login from both RTC Eclipse and VS clients.


Your answer

Register or to post your answer.