Kerberos single sign-on issues
Take the following steps for issues with the Kerberos single sign-on.
Procedure
- Make sure that you followed the information in the online help for setup required to enabled Single sign-on (SSO) to set up single sign-on.
- Make sure that the event log message #806 is turned on.
- Enable the environment variable KRB5_TRACE before you start IBM® Safer
Payments, for example:
KRB5_TRACE=~/krb_trace.log
If the instance is started by a service script, make sure that the service script can pick up this environment variable.
- Perform a few logins with SSO.
- Upload the following files to the case:
- The /etc/krb5.conf file.
- The krb_trace.log file.
- The IBM Safer Payments logs.
- The results of the following commands on the IBM Safer
Payments server
machine:
klist -e -k -t /etc/krb5.keytab
kinit
Run the kinit command with the keytab and by using the service principal that is listed in the klist command. For example:
-
kinit -k -t /etc/krb5.keytab HTTP/SPServer.example.com@EXAMPLE.COM
- A har file with single sign-on login issue reproduced.
For more information, see Sending information to IBM Support.