Kerberos authentication fails after upgrade to OpenJDK 11.0.17 or OpenJDK 1.8.0.392
Issue
- Unable to authenticate with Kerberos:
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type RC4 with HMAC is not supported/enabled)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:858)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:909)
at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:559)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
at org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator.establishContext(SPNEGOAuthenticator.java:169)
at org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator$AcceptSecContext.run(SPNEGOAuthenticator.java:132)
at org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator$AcceptSecContext.run(SPNEGOAuthenticator.java:122)
... 101 more
Caused by: KrbException: Encryption type RC4 with HMAC is not supported/enabled
at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:522)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:273)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:149)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:140)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:831)
... 110 more
Environment
- Red Hat JBoss Enterprise Application Platform (JBoss EAP)
  - 7
- Red Hat Single Sign-On (RH-SSO)
  - 7
- OpenJDK
  - 11.0.17 and later
  - 1.8.0.392