View Single Post
Old 02-25-2014, 05:33 PM   #1 (permalink)
juniorra
New Member
 
Join Date: Feb 2014
Model: 9600
PIN: N/A
Carrier: rogers
Posts: 1
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default SSO - Kerberos - error_code: KDC_ERR_BADOPTION

Please Login to Remove!

Hi All,

I am trying to setup SSO Kerberos authentication on BES 5. I have read through the instructions and completed the steps required. When user tired to connect to protected site they get promoted for credentials. I checked the MDAT log and found the following error

Code:
<2014-02-25 13:50:42.803 EST>:[229]:<MDS-CS_SE100620_MDS-CS_1>:<DEBUG>:<LAYER = SCM, impersonation cannot be done on the host of this url, e=GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosError: KDC can't fulfill requested option
KrbError:
        Error code: 13
        Error message: null
        Client name: null
        Client realm: null
        Client time: null
        Server name: HTTP/test.com
        Server realm: fake.test.com
        Server time:
I looked at this article KB23457 Browser is prompting for credentials after MDS Connection Service has been configured for Integrated Authentication[/url] Browser is still requesting credentials after MDS Connection Service has been configured for Integrated Authentication, but it did not apply to me as in I have the following option "Trust this user for delegation to any service (Kerberos only)" enabled in AD for the Delegation service account. Can anyone help with identifying what wrong here?

Thanks

Last edited by juniorra : 02-25-2014 at 05:35 PM.
Offline   Reply With Quote