Kerberos authentication failed
I have installed Spotfire Server and I'm trying to configure Kerberos and Ldap GSSAPI. From configuration tool I'm able to interrogate LDAP and add the users. Also from the command line I'm able to get Kerberos ticket using principal and keytab.
After following all steps of the official documentation to configure Kerberos authentication on Spotfire Server (7.10), without any kind of problem, I failed to authenticate on Spotfire Server Web App.
The log shows:
ERROR 2015-09-15T22:48:35,936-0500 [unknown, #1] server.security.KerberosAuthenticator: Failure when executing privileged Kerberos authentication action
GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
Thanks a lot,
From the documenation-
> setspn -S HTTP/<fully qualified hostname>[:<port>] <service account name>
> setspn -S HTTP/<hostname>[:<port>] <service account name>
> setspn -S HTTP/<fully qualified hostname> <service account name>
> setspn -S HTTP/<hostname> <service account name>
By default, a client does not include a port number in SPN within the TGS request for Kerberos Authentication. The authentication fails as SPN without a port is not registered in the Domain Controller.
Have you registered SPN's using the hostname:port as well as one with just the hostname?IF not please give it a try.