JBoss EAP throws a GSSException Checksum Failed Error with Kerberos Authentication
Issue
- Authentication fails
-
This error is in the logs
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source) at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source) at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source) at org.wildfly.security.sasl.gssapi.GssapiServer.evaluateMessage(GssapiServer.java:132) ... 12 more Caused by: KrbException: Checksum failed at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Unknown Source) at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Unknown Source) at sun.security.krb5.EncryptedData.decrypt(Unknown Source) at sun.security.krb5.KrbApReq.authenticate(Unknown Source) at sun.security.krb5.KrbApReq.<init>(Unknown Source) at sun.security.jgss.krb5.InitSecContextToken.<init>(Unknown Source) ... 16 more Caused by: java.security.GeneralSecurityException: Checksum failed at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(Unknown Source) at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(Unknown Source) at sun.security.krb5.internal.crypto.Aes256.decrypt(Unknown Source) ... 22 more
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 5
- 6
- 7
- Kerberos/SPNEGO Single Sign-On, also called JBoss Negotiation with legacy security
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.