Siteminder : Failed to initialize authentication scheme 'AuthScheme' - Kerberos Authentication

Article ID: 412157

Products

- CA Single Sign On Agents (SiteMinder)
- CA Single Sign On Federation (SiteMinder)
- CA Single Sign On Secure Proxy Server (SiteMinder)
- CA Single Sign On SOA Security Manager (SiteMinder)
- SITEMINDER

Issue/Introduction

Users are not authenticated by the PolicyServer. The following messages appear in the WebAgent and PolicyServer logs.

WebAgent Log:

User 'user@domain' is not authenticated by Policy Server.

smps.log

Kerberos Authentication Scheme failed to initialize.

Environment

PolicyServer: 12.8 SP8 CR01

WebAgent: 12.52 SP1 CR11

WebServer: Apache 2.4

WebServer OS: Windows 2019

Cause

The Service Principal name configured in the Kerberos Authentication Scheme does not match the PolicyServer Service Principal name.

Resolution

- List the PolicyServer keytab entries with the following command:

klist -e -k -t <Keytab_File_Location>

- Copy the Service Principal name from the output of that command (masked and highlighted in the article's screenshot for sensitive data protection).

- Modify the ACO.

- Update the Service Principal name of the AuthScheme to match the value copied from the klist output for the PolicyServer keytab file.

- Save and submit the changes.

- Restart the Apache WebAgent.
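
The keytab-versus-AuthScheme comparison from the first Resolution steps can be scripted. The following is an added example, not part of the original article or the product's own tooling. It assumes MIT-style klist output; the sample listing, host and realm are constructed, and keytab_principals and check_spn are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of MIT-style `klist -e -k -t` output; the path, host and
# realm are placeholders, not values from the article.
SAMPLE_KLIST='Keytab name: FILE:/path/to/policyserver.keytab
KVNO Timestamp           Principal
---- ------------------- ----------------------------------------------------
   2 01/15/2024 09:30:11 smps/ps01.example.com@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
   2 01/15/2024 09:30:11 smps/ps01.example.com@EXAMPLE.COM (aes128-cts-hmac-sha1-96)'

# keytab_principals (hypothetical helper): read klist -k output on stdin and
# print each distinct principal once. Entry lines start with a numeric KVNO;
# the principal is the first field containing "@", so the timestamp layout and
# the trailing enctype added by -e do not matter.
keytab_principals() {
    awk '$1 ~ /^[0-9]+$/ {
             for (i = 2; i <= NF; i++)
                 if ($i ~ /@/) { print $i; break }
         }' | sort -u
}

# check_spn (hypothetical helper): klist output on stdin, SPN configured in the
# AuthScheme as $1. Prints one verdict line; returns 0 only on an exact match.
check_spn() {
    want=$1
    principals=$(keytab_principals)
    if printf '%s\n' "$principals" | grep -Fxq -- "$want"; then
        echo "MATCH $want"
        return 0
    fi
    # Assumption of this example: a case-only difference is still a mismatch,
    # reported separately because it is easy to miss by eye.
    near=$(printf '%s\n' "$principals" | grep -Fxi -- "$want" | head -n 1)
    if [ -n "$near" ]; then
        echo "CASE_MISMATCH configured=$want keytab=$near"
    else
        echo "NO_MATCH configured=$want keytab=$(printf '%s' "$principals" | tr '\n' ' ')"
    fi
    return 1
}

# Demo on the constructed sample. Against a real keytab:
#   klist -e -k -t <Keytab_File_Location> | check_spn '<SPN from the AuthScheme>'
printf '%s\n' "$SAMPLE_KLIST" | check_spn 'smps/ps01.example.com@example.com' || true
```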