Could not validate SPNEGO token.java.lang.Exception: Checksum error.

Hello consultant:

We are trying configurated SSO usind SPNEGO  module

We have a portal 7.0 ehp1 and Active Directory Microsoft versión 2003 native

we have followed the steps described in note Sap 1457499"Note 1457499 - SPNego add-on"

When we have logged with user Active Directory and we try access to portal we obtain following error:

Authorization check user error

We have Deploy the Web diagtool from SAP Note 1045019 on the J2EE server, run it and perform the

following steps:

1. Select "Component" = "security" and "Activity" = "all"

2. Click the "Go" button, followed by the "Add All" button

3. Select "Component" = "All" and in the "Search pattern" field write "com.sap.security.spnego"

4. Click the "Go" button, followed by the "Add All" button

5. Start the tool

Then we have reproduce the problem and stop the tool. The generated zip file will contain following error:

15:45:20:078 Error J2EE_GST_PRD SAPEngine_Application_Thread[impl:3]_15 ~p.security.spnego.krb5.crypto.DesCrypto Checksum error! checksum: 0xc46bfed8d0dbc54221ee75405c8cd5ac; calculated checksum: 0x6ead7e801608b729a6957597327f2ba5

15:45:20:078 Error J2EE_GST_PRD SAPEngine_Application_Thread[impl:3]_15 ~m.sap.security.spnego.SPNEGOLoginModule Could not validate SPNEGO token.

java.lang.Exception: Checksum error.

at com.sap.security.spnego.krb5.crypto.DesCrypto.decrypt(DesCrypto.java:43)

at com.sap.security.spnego.krb5.KrbEncryptedData.decrypt(KrbEncryptedData.java:81)

at com.sap.security.spnego.krb5.KrbApReq.decrypt(KrbApReq.java:67)

at com.sap.security.spnego.SPNEGOLoginModule.parseAndValidateSPNEGOToken(SPNEGOLoginModule.java:234)

at com.sap.security.spnego.SPNEGOLoginModule.processAuthorizationHeader(SPNEGOLoginModule.java:385)

at com.sap.security.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:102)

at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:185)

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:70)

at java.security.AccessController.doPrivileged(AccessController.java:246)

at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:181)

at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)

at java.lang.reflect.Method.invoke(Method.java:391)

at javax.security.auth.login.LoginContext.invoke(LoginContext.java:699)

at javax.security.auth.login.LoginContext.access$000(LoginContext.java:151)

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:634)

at java.security.AccessController.doPrivileged(AccessController.java:246)

at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:631)

at javax.security.auth.login.LoginContext.login(LoginContext.java:557)

at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.logon(SAPJ2EEAuthenticator.java:912)

at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.login(AuthenticationService.java:367)

at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:126)

at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:181)

at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:541)

at java.security.AccessController.doPrivileged(AccessController.java:246)

at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:430)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)

at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)

at com.sap.portal.navigation.Gateway.service(Gateway.java:126)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)

at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)

at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)

at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)

at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)

at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)

at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)

at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)

at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)

at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)

at java.security.AccessController.doPrivileged(AccessController.java:219)

at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)

at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)

Could you help us?

Many thanks for your collaboration