We have Access Manager 3.1 SP3, Windows 2008 R2 Server and Win7
workstations. Originally commit for kerberos succeeded fine. However,
when users go to the defined URL from the internal network, they get
basic auth login page (customized). When going from the internet it
first gives windows pop up login screen and after that basic login page.
The kerberos ticket on the workstations seems to be fine but still on
catalina.out we get

Session Id: 9A3A12D9A8D8D767A62C39C2C6018794
Session Last Accessed Time: 1322662023285
</amLogEntry>

<amLogEntry> 2011-11-30T14:07:03Z DEBUG NIDS Application: AM#600105011:
AMDEVICEID#A1BC566707E7695C: AMAUTHID#9A3A12D9A8D8D767A62C39C2C6018794:
IDP liberty12 handler to process request received for /nidp/idff
</amLogEntry>

<amLogEntry> 2011-11-30T14:07:03Z DEBUG NIDS Application:
Method: CacheMap.A
Thread: http-212.246.141.108-8443-Processor20

Retrieval of object com.novell.nidp.servlets.NIDPServletSession@11eb91 c
from cache session succeeded using key 9A3A12D9A8D8D767A62C39C2C6018794.
Cache size is 1
</amLogEntry>

<amLogEntry> 2011-11-30T14:07:03Z VERBOSE NIDS Application: Session has
consumed authentications: false </amLogEntry>

<amLogEntry> 2011-11-30T14:07:03Z DEBUG NIDS Application:
Method: ProxyProfile.isProxyRequest
Thread: http-212.246.141.108-8443-Processor20
/nidp/idff/sso is a ProxyRequest: false </amLogEntry>

<amLogEntry> 2011-11-30T14:07:03Z INFO NIDS Application: AM#500105016:
AMDEVICEID#A1BC566707E7695C: AMAUTHID#9A3A12D9A8D8D767A62C39C2C6018794:
Processing login resulting from Service Provider authentication request.
</amLogEntry>

<amLogEntry> 2011-11-30T14:07:03Z VERBOSE NIDS Application: Session has
consumed authentications: false </amLogEntry>

<amLogEntry> 2011-11-30T14:07:03Z INFO NIDS Application: AM#500105009:
AMDEVICEID#A1BC566707E7695C: AMAUTHID#9A3A12D9A8D8D767A62C39C2C6018794:
Executing contract Kerberos_Contract. </amLogEntry>

<amLogEntry> 2011-11-30T14:07:03Z VERBOSE NIDS Application: Session has
consumed authentications: false </amLogEntry>

<amLogEntry> 2011-11-30T14:07:03Z VERBOSE NIDS Application: Session has
consumed authentications: false </amLogEntry>

<amLogEntry> 2011-11-30T14:07:03Z VERBOSE NIDS Application: Executing
authentication method Kerberos_method </amLogEntry>

<amLogEntry> 2011-11-30T14:07:03Z SEVERE NIDS Application:
AM#200104101: AMDEVICEID#A1BC566707E7695C:
AMAUTHID#9A3A12D9A8D8D767A62C39C2C6018794: Error processing
SPNEGO/Kerberos : GSS Context already established </amLogEntry>

<amLogEntry> 2011-11-30T14:07:03Z VERBOSE NIDS Application:
Authentication method Kerberos_method requires additional interaction.
</amLogEntry>

Closing browser and deleting all browsing history does not solve the
issue as suggested in Event Codes. Tried also adding allowed encryption
algorithms as described in 'NIDP Kerberos authentication does not work
with Windows 2008 R2'
(http://www.novell.com/support/php/se...00%20281108262)

Any idea how move on?


--
vesapi
------------------------------------------------------------------------
vesapi's Profile: http://forums.novell.com/member.php?userid=73631
View this thread: http://forums.novell.com/showthread.php?t=448916