Trying to configure (decipher the puzzle?) SSO from Windows to UA/Home
in IDM 4.5.4 using Kerberos. We wanted to use SAML but apparently that
is only supported with NAM now.

Brand new install of IDM 4.5.4 and the identity applications running on
SLES 11.
Windows environment is 2008 R2.

I've followed all of the instructions in the IDM 4.5 setup guide:
http://tinyurl.com/ounkvur

I've followed all of the instructions in the setup guide for all three
sections 46.1, 46.2, and 46.3 to the letter.

When I go to the UA URL, I'm prompted for username and password. There
are no errors written to catalina.out or osp-idm.YYYY-MM-DD.log.
Sometimes (not every time) I see a warning message in the browser before
the login form is presented.

Nothing is written to catalina.out, osp.log is attached.

Here is the krb5.conf file:

[libdefaults]
default_realm = STAGING.LOCAL
kdc_timesync = 0
forwardable = true
proxiable = false
[realms]
STAGING.LOCAL = {
kdc = chw-vdc-903.chw.edu
admin_server = chw-vdc-903.chw.edu
}

[domain_realm]
..chw.edu = STAGING.LOCAL
chw.edu = STAGING.LOCAL

[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = FILE:/var/log/krb5/krb5default.log


Nothing is ever written to any of the files in /var/log/krb5. It's like
the krb5 config is not being processed at all.

Here is the Kerberos_login.config file:

com.sun.security.jgss.krb5.accept {
com.sun.security.auth.module.Krb5LoginModule required
debug="true"
refreshKrb5Config="true"
useTicketCache="true"
ticketCache="/opt/netiq/idm/apps/tomcat/kerberos/spnegoTicket.cache"
doNotPrompt="true"
principal="HTTP/phx-dvuserapp-001.chw.edu@STAGING.LOCAL"
useKeyTab="true"
keyTab="/opt/netiq/idm/apps/tomcat/kerberos/phx-dvuserapp-001.rrp.keytab"
storeKey="true";
};

I've removed and redeployed the entire setup at least 5 times. No
changes, no errors reported, it just doesn't work.

Either I am missing something obvious or there is a bug somewhere. I'm
hoping for the former.

Any help is greatly appreciated.

--
rhettplace
------------------------------------------------------------------------
rhettplace's Profile: https://forums.netiq.com/member.php?userid=876
View this thread: https://forums.netiq.com/showthread.php?t=56771
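A consistency check for the two files quoted in the post, added here as an example; it is not part of the original post or of NetIQ's tooling. It assumes the JAAS file carries its options as key="value" pairs as shown above, and the host, KDC and keytab names in the constructed samples are placeholders:

```python
import os
import re

# Constructed samples modelled on the two files quoted in the post (placeholder names).
KRB5_SAMPLE = """[libdefaults]
default_realm = STAGING.LOCAL
[realms]
STAGING.LOCAL = {
kdc = kdc.example.com
}
[domain_realm]
..example.com = STAGING.LOCAL
example.com = STAGING.LOCAL
"""
JAAS_SAMPLE = """com.sun.security.jgss.krb5.accept {
com.sun.security.auth.module.Krb5LoginModule required useKeyTab="true"
principal="HTTP/userapp.example.com@STAGING.LOCAL" keyTab="/nonexistent.keytab";
};"""

def parse_krb5_conf(text):
    """Minimal krb5.conf parser: {section: {key: value}}; [realms] nests one level of braces."""
    conf, section, realm = {}, None, None
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section, realm = line[1:-1], None
            conf.setdefault(section, {})
        elif line.endswith("{"):                      # REALM = {
            realm = line.split("=", 1)[0].strip()
            conf[section][realm] = {}
        elif line == "}":
            realm = None
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            (conf[section][realm] if realm else conf[section])[key] = value
    return conf

def check_spnego_config(krb5_text, jaas_text):
    """Cross-check krb5.conf against the JAAS Krb5LoginModule options; [] means nothing looked wrong."""
    conf = parse_krb5_conf(krb5_text)
    opts = dict(re.findall(r'(\w+)="([^"]*)"', jaas_text))   # JAAS key="value" pairs
    findings, default_realm = [], conf.get("libdefaults", {}).get("default_realm")
    service, _, realm = opts.get("principal", "").partition("@")
    host = service.split("/", 1)[-1].lower()              # host part of HTTP/host@REALM
    if realm != default_realm:
        findings.append(f"principal realm {realm!r} != default_realm {default_realm!r}")
    for key, mapped in conf.get("domain_realm", {}).items():
        if key.startswith(".."):       # '..dom' never matches a hostname; '.dom' is the suffix form
            findings.append(f"[domain_realm] key {key!r} has a double leading dot")
        elif (host == key or (key.startswith(".") and host.endswith(key))) and mapped != realm:
            findings.append(f"[domain_realm] maps {host} to {mapped}, not {realm}")
    if opts.get("useKeyTab") == "true" and not os.path.isfile(opts.get("keyTab", "")):
        findings.append(f"keyTab {opts.get('keyTab')!r} not found")
    return findings
```

Feed it the real /etc/krb5.conf and Kerberos_login.config contents instead of the samples; a clean result still leaves the keytab contents and KDC reachability to confirm with klist -k and kinit -kt on the Tomcat host.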