Error when trying to use SPNEGO Single Sign-On to WebSEAL

Troubleshooting

Problem

Attempts to use Windows desktop single sign-on (SPNEGO) with WebSEAL result in an error.

Symptom

When attempting to use SPNEGO SSO to WebSEAL, the user sees the error

HPDIA0220I Authentication requires continuation before completion status can be determined.

Cause

As outlined in the Problem Determination Guide,
http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.itame.doc_6.1/am61_problem193.htm
this error usually occurs when the password used to encrypt the SPNEGO authentication data and the password being used by the Web security server to decrypt the SPNEGO authentication data are not synchronized.

However, another scenario which is not mentioned in the Problem Determination Guide which can also cause this issue is if the times are not synchronized on the various servers. Ensure that the times (taking account date and timezone too) are the same on the domain controllers, WebSEAL servers, and the clients.

[{"Product":{"code":"SSPREK","label":"Tivoli Access Manager for e-business"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"WebSEAL","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"Version Independent","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

Error when trying to use SPNEGO Single Sign-On to WebSEAL

Troubleshooting

Problem

Symptom

Cause

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?