Kerberos single sign-on issues

Take the following steps for issues with the Kerberos single sign-on.

Procedure

  1. Make sure that you followed the information in the online help for setup required to enabled Single sign-on (SSO) to set up single sign-on.
  2. Make sure that the event log message #806 is turned on.
  3. Enable the environment variable KRB5_TRACE before you start IBM® Safer Payments, for example:
    KRB5_TRACE=~/krb_trace.log

    If the instance is started by a service script, make sure that the service script can pick up this environment variable.

  4. Perform a few logins with SSO.
  5. Upload the following files to the case:
    • The /etc/krb5.conf file.
    • The krb_trace.log file.
    • The IBM Safer Payments logs.
    • The results of the following commands on the IBM Safer Payments server machine:
      klist -e -k -t /etc/krb5.keytab
      kinit 

      Run the kinit command with the keytab and by using the service principal that is listed in the klist command. For example:

    • kinit -k -t /etc/krb5.keytab HTTP/SPServer.example.com@EXAMPLE.COM
    • A har file with single sign-on login issue reproduced.

    For more information, see Sending information to IBM Support.