I'm trying to set up AD SSO for the REST API. I've already set up SSO in BI Launch Pad, so I know the SPN is correctly configured.
In java\pjs\services\RestWebService\biprws\WEB-INF\web.xml, I set:
<param-name>idm.realm</param-name>
<param-value>AD1.PROD</param-value>
<param-name>idm.princ</param-name>
<param-value>BICMS/(domain account).ad1.prod</param-value>
<param-name>idm.keytab</param-name>
<param-value></param-value>
I then set the password in the WACS command line parameters: -Dcom.wedgetail.idm.sso.password=(password for domain account).
After restarting the WACS, I get a ton of errors, and it's left in "Running with errors" status. These seem the most relevant:
SEVERE: Exception starting filter WrappedResponseAuthFilter
com.wedgetail.idm.sso.ConfigException: Configured service principal name could not be found [caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosError: Client not found in Kerberos database
KrbError:
Error code: 6
Error message: null
Client name: null
Client realm: null
Client time: null
Server name: krbtgt/AD1.PROD
Server realm: AD1.PROD
Server time: Wed Jan 21 16:03:53 EST 2015)]
at com.wedgetail.idm.sso.util.Util.checkAgainstKDC(Util.java:176)
at com.wedgetail.idm.sso.AbstractAuthenticator.initAuthenticator2(AbstractAuthenticator.java:556)
(many more lines)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: com.dstc.security.kerberos.KerberosError: Client not found in Kerberos database
KrbError:
Error code: 6
Error message: null
Client name: null
Client realm: null
Client time: null
Server name: krbtgt/AD1.PROD
Server realm: AD1.PROD
Server time: Wed Jan 21 16:03:53 EST 2015)
...
Caused by: com.dstc.security.kerberos.KerberosError: Client not found in Kerberos database
KrbError:
Error code: 6
Error message: null
Client name: null
Client realm: null
Client time: null
Server name: krbtgt/AD1.PROD
Server realm: AD1.PROD
Server time: Wed Jan 21 16:03:53 EST 2015
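
Added example, not part of the original post: a small triage helper that pulls the KrbError blocks out of a trace like the one above, collapses the copies repeated down the "Caused by" chain, and maps the numeric code to its RFC 4120 name. The function names and the code table are assumptions made for this illustration; the sample input is rebuilt from the field values quoted in the post.

```python
import re

# Subset of the RFC 4120 (section 7.5.9) error codes.
KRB_ERROR_NAMES = {
    6: "KDC_ERR_C_PRINCIPAL_UNKNOWN",  # client not found in Kerberos database
    7: "KDC_ERR_S_PRINCIPAL_UNKNOWN",  # server not found in Kerberos database
    24: "KDC_ERR_PREAUTH_FAILED",
    37: "KRB_AP_ERR_SKEW",
}

# One "Name: value" field of a KrbError block; a trailing ")" or ")]" that
# closes the enclosing exception message is dropped from the value.
FIELD_RE = re.compile(r"^\s*(Error (?:code|message)|(?:Client|Server) "
                      r"(?:name|realm|time)):\s*(.*?)[)\]]*\s*$")

def parse_krb_errors(log_text):
    """Return the distinct KrbError blocks in a stack trace, in order."""
    blocks, current = [], None
    for line in log_text.splitlines():
        if line.strip() == "KrbError:":
            current = {}
            blocks.append(current)
            continue
        m = FIELD_RE.match(line)
        if current is not None and m:
            current[m.group(1)] = None if m.group(2) == "null" else m.group(2)
        else:
            current = None  # any other line ends the block
    unique = []
    for block in blocks:
        if "Error code" in block and block not in unique:
            unique.append(block)
    return unique

def summarize(block):
    """Map a parsed block to the fields worth reading first."""
    code = int(block["Error code"])
    return {"code": code, "name": KRB_ERROR_NAMES.get(code, "UNKNOWN"),
            "server": block.get("Server name"),
            "realm": block.get("Server realm"),
            "client_named": block.get("Client name") is not None}

# Sample input: the KrbError block from the trace above, repeated as it is in
# the "Caused by" chain (once closed by ")]", once unterminated).
_FIELDS = ("KrbError:\nError code: 6\nError message: null\nClient name: null\n"
           "Client realm: null\nClient time: null\nServer name: krbtgt/AD1.PROD\n"
           "Server realm: AD1.PROD\nServer time: Wed Jan 21 16:03:53 EST 2015")
SAMPLE = (_FIELDS + ")]\n\tat com.wedgetail.idm.sso.util.Util.checkAgainstKDC"
          "(Util.java:176)\nCaused by: com.dstc.security.kerberos.KerberosError: "
          "Client not found in Kerberos database\n" + _FIELDS + "\n")

if __name__ == "__main__":
    for block in parse_krb_errors(SAMPLE):
        print(summarize(block))
```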