When attempting to log in using Kerberos for Single Sign-On (SSO), an error message is displayed:
U00045015 The previous error was caused by 'org.ietf.jgss.GSSException: "Failure unspecified at GSS-API level (Mechanism level: Encryption type RC4 with HMAC is not supported/enabled)"' at 'sun.security.jgss.krb5.Krb5Context.acceptSecContext():859'.
U00045015 The previous error was caused by 'sun.security.krb5.KrbException: "Encryption type RC4 with HMAC is not supported/enabled"' at 'sun.security.krb5.EncryptionKey.findKey():544'.
Release : 21.0.5
When there are multiple encryption types enabled, Kerberos defaults to an encryption type other than RC4 with HMAC, which is the preferred encryption type for SSO.
Enable Kerberos AES 256-bit encryption on the Active Directory (AD) account associated with SSO.
Recreate the KEYTAB file.
For detailed instructions on enabling Kerberos AES 256-bit encryption and recreating the KEYTAB file, please refer to our documentation - Automic Automation Guides - Setting Up Kerberos SSO