Web Agent :: Kerberos : Handling the error "Server not found in Kerberos database"

Article ID: 75014

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

I'm running a Web Agent for Kerberos, and when I send a Kerberos
request, the Web Agent cannot authenticate the user and throws the error:

   Failed to create delegated GSSAPI token on behalf
   of HTTP/[email protected] for
   [email protected]: Minor Status=-1765328377,
   Major Status=851968, Message=Server not found in
   Kerberos database 

Why do I get this error?
 

Environment

This applies to all CA Single Sign-On versions.

Resolution

You get this error because domain2.com is not found in the krb5.conf
file on the Web Agent side.

Check the domain equivalence configuration in krb5.conf. In the
[domain_realm] section below, domain2.com is not configured:

[domain_realm]
    .domain1.com = MYDOMAIN.COM
    domain1.com = MYDOMAIN.COM

# You also need the following lines:

    .domain2.com = MYDOMAIN.COM
    domain2.com = MYDOMAIN.COM

Make sure that both the Web Agent and the Policy Server have the same
krb5.conf configuration, as described in the "Policy Server Configuration
Guide 12.52 SP1".
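
To catch this gap before deploying a krb5.conf, the following Python sketch (an added example, not CA or SiteMinder code) parses the [domain_realm] section and reports host names that have no realm mapping. It assumes the MIT krb5 lookup order (full host name, then each parent domain with and without a leading dot); the sample file contents and host names are constructed.

```python
import re

# Constructed sample: the incomplete krb5.conf from the article (domain1.com only).
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = MYDOMAIN.COM

[domain_realm]
    .domain1.com = MYDOMAIN.COM
    domain1.com = MYDOMAIN.COM
"""

def parse_domain_realm(text):
    """Return the [domain_realm] section as {lowercased domain or host: realm}."""
    mapping, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "domain_realm" and "=" in line:
            key, realm = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = realm
    return mapping

def realm_for_host(host, mapping):
    """Try the full host name, then each parent domain with and without a
    leading dot (assumed MIT krb5 order). None means no mapping exists."""
    candidate = host.lower().rstrip(".")
    while candidate:
        if candidate in mapping:
            return mapping[candidate]
        if candidate.startswith("."):
            candidate = candidate[1:]        # ".domain2.com" -> "domain2.com"
        else:
            dot = candidate.find(".")
            candidate = candidate[dot:] if dot != -1 else ""
    return None

def unmapped_hosts(hosts, mapping):
    """Hosts whose service principals cannot be placed in a realm."""
    return [h for h in hosts if realm_for_host(h, mapping) is None]

if __name__ == "__main__":
    # Hypothetical host names standing in for the protected web servers.
    hosts = ["www.domain1.com", "www.domain2.com", "domain2.com"]
    print(unmapped_hosts(hosts, parse_domain_realm(SAMPLE_KRB5_CONF)))
```

To check a real deployment, read the krb5.conf from the Web Agent and from the Policy Server into `parse_domain_realm` and compare the two resulting mappings as well.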