Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

SEM SSO issues

I am having an issue where I am getting a prompt from SEM web gui to provide my credentials. I provide credentials (we use both tokens and passwords).  It does not fail unless I close the prompt. LDAP works fine.

I have a CA that I signed the ssl Certificate with.  The SEM name is sem.domain (This is an offline domain). The sem console has the correct domain and IP configurations.

I was successful in creating a keytab with the following:

\ktpass.exe -princ HTTP/sem.domain -pass *** -mapuser domain\sem -pType KRB5_NT_PRINCIPAL -crypto ALL -Out c:\Keytab\sem.keytab

I also tried to change it to AES256 since the DISA STIG requires atleast AES128.  But I still get the issue.

I transported the keytab via the domain sysvol share to the SEM server.

The watchlog (Manager menu in CMC console)  shows that there is a Kerberos checksum issue before I even select an account to log in with at the prompt.

0 Kudos
0 Replies