Web Agent returns "CredentialManager returned SmFailure, end new request" when processing Kerberos Authentication Scheme
search cancel

Web Agent returns "CredentialManager returned SmFailure, end new request" when processing Kerberos Authentication Scheme

book

Article ID: 8875

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

We're running SPS, and when a user comes to the Kerberos authentication scheme, then the browser recieves error 500 and the SPS Agent indicates this error : 

[07/27/2017][15:30:15][1168][560][55438e88-26830e23-8b935970-4538d084-9391120d-9][CSmCredentialManager::GatherAdvancedAuthCredentials][SM_WAF_HTTP_PLUGIN-> ProcessAdvancedAuthCredentials returned SmFailure.] 
[07/27/2017][15:30:15][1168][560][55438e88-26830e23-8b935970-4538d084-9391120d-9][ProcessAdvancedAuthentication][CredentialManager returned SmFailure, end new request.] 

How can we solve this?

 

Environment

Policy Server 12.6.01 on Windows 2012R2; Access Gateway (SPS) 12.6.01 on Windows 2012R2;Policy Store on CA Directory 12.6; RDC on Active Directory 2012R2; * all machines in the same Windows domain

Resolution

Configure the ccache parameter in the krb5.ini :

 

C:\windows\krb5.ini 

[libdefaults] 

default_ccache_name = FILE:%{TEMP}\krb5cc_%{uid} 

 

And also don't forget to add the .kcc in the IgnoreExt ACO parameter to ensure the SPS to trigger the Kerberos processing:

IgnoreExt=.class,.gif,.jpg,.jpeg,.png,.fcc,.scc,.sfcc,.ccc,.ntc,.sac,.css,.kcc

 

This will solve the issue.

 

Powered by Wolken Software