JBoss EAP throws a GSSException Checksum Failed Error with Kerberos Authentication

Solution Verified - Updated -

Issue

  • Authentication fails

  • This error is in the logs

    Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
        at org.wildfly.security.sasl.gssapi.GssapiServer.evaluateMessage(GssapiServer.java:132)
        ... 12 more
Caused by: KrbException: Checksum failed
        at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Unknown Source)
        at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Unknown Source)
        at sun.security.krb5.EncryptedData.decrypt(Unknown Source)
        at sun.security.krb5.KrbApReq.authenticate(Unknown Source)
        at sun.security.krb5.KrbApReq.<init>(Unknown Source)
        at sun.security.jgss.krb5.InitSecContextToken.<init>(Unknown Source)
        ... 16 more
Caused by: java.security.GeneralSecurityException: Checksum failed
        at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(Unknown Source)
        at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(Unknown Source)
        at sun.security.krb5.internal.crypto.Aes256.decrypt(Unknown Source)
        ... 22 more

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 5
    • 6
    • 7
  • Kerberos/SPNEGO Single Sign-On, also called JBoss Negotiation with legacy security

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content