SSO Login Error "Encryption type RC4 with HMAC is not supported/enabled"
search cancel

SSO Login Error "Encryption type RC4 with HMAC is not supported/enabled"

book

Article ID: 266245

calendar_today

Updated On: 06-11-2024

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

When attempting to log in using Kerberos for Single Sign-On (SSO), an error message is displayed:

U00045015 The previous error was caused by 'org.ietf.jgss.GSSException: "Failure unspecified at GSS-API level (Mechanism level: Encryption type RC4 with HMAC is not supported/enabled)"' at 'sun.security.jgss.krb5.Krb5Context.acceptSecContext():859'.
U00045015 The previous error was caused by 'sun.security.krb5.KrbException: "Encryption type RC4 with HMAC is not supported/enabled"' at 'sun.security.krb5.EncryptionKey.findKey():544'.

Environment

Release : 21.0.5

Cause

When there are multiple encryption types enabled, Kerberos defaults to an encryption type other than RC4 with HMAC, which is the preferred encryption type for SSO.

Resolution

Enable Kerberos AES 256-bit encryption on the Active Directory (AD) account associated with SSO.

Recreate the KEYTAB file.


For detailed instructions on enabling Kerberos AES 256-bit encryption and recreating the KEYTAB file, please refer to our documentation - Automic Automation Guides - Setting Up Kerberos SSO