Architecting, installing and maintaining your SAS environment

Single Sign-On configuration for SAS Visual Analytics

Accepted Solution Solved
Reply
Contributor
Posts: 20
Accepted Solution

Single Sign-On configuration for SAS Visual Analytics

Hello,

 

I start configuring a Visual Analytics mono server platform in Single Sign-On mode only for HTTPS access.

 

Do you know, in the numerous publications on the SSO topic, what is the reference documentation to follow in the case of a Visual Analytis configuration on Windows server ?

 

Best regards,

Gaetan


Accepted Solutions
Solution
‎02-09-2017 11:20 AM
Contributor
Posts: 20

Re: Single Sign-On configuration for SAS Visual Analytics

Posted in reply to PaulHomes

Hi Paul,

more precisions are necessary :

- OS : Windows Server 2012

- SAS Version : SAS9.4M3

- SSO Mechanism : IWA

 

Now, I succeeded today an operational single sign-on configuration.

Concerning the documentation, here is my feedback:

 

Step 1 : Configure configuration in Active Directory and produce keyab file :

 

Step 2 : SAS Web App Server configuration

 

Step 3 : SAS Metadata Configuration

 

(optional) : Fallback processing (In my organization, Firefoox can't use IWA, so I need to redirect Firefox's users to a prompt credentials screen)

 

Obviously, all these steps are perfectly described in your post Paul :

A recommended step in your post, which I have not yet had time to realize, is to redeploy the Web applications to keep the modifications to the passage of the next maintenance (M4 in my case)

 

In conclusion, my configuration was made quite simply. My main recommendation is to validate the compliance of the Kerberos keytab file with the "kinit" executable before proceeding SAS configuration.

 

Gaétan

View solution in original post


All Replies
SAS Super FREQ
Posts: 299

Re: Single Sign-On configuration for SAS Visual Analytics

Contributor
Posts: 20

Re: Single Sign-On configuration for SAS Visual Analytics

Hi Anja,

 

The topic in this link is SSL, but I configured yet SSL.

 

For SSO, list of documents :

 

http://support.sas.com/documentation/cdl/en/bimtag/69826/HTML/default/viewer.htm#n1bhp608f0hsoen10i1...

http://support.sas.com/resources/papers/proceedings16/SAS3443-2016.pdf

http://support.sas.com/resources/papers/proceedings16/SAS3720-2016.pdf

 

I think the document, coming from the last link, is best suited to my configuration.

Was anyone able to apply this procedure ?

 

Gaétan

PROC Star
Posts: 425

Re: Single Sign-On configuration for SAS Visual Analytics

It would help people to give more targeted links to resources if you gave a bit more information about your environment. Which version of SAS Visual Analytics are you using? On which server platform (Windows, Linux etc).Which SSO mechanism are you trying to integrate with (IWA, WebSeal, SiteMinder etc).

 

There are a lot of options and flexibility in how SSO can be done, so it can be complex to setup and troubleshoot. Providing more info about your environment will help.

 

Your last comment seems to suggest it might be Integrated Windows Authentication (IWA). If so, then the Support for Integrated Windows Authentication page in the SAS 9.4 Intelligence Platform: Middle-Tier Administration Guide book is a good starting point. I have also found the following paper very useful: SAS Global Forum Paper SAS102-2014: An Advanced Fallback Authentication Framework for SAS® 9.4 and S... by Zhiyong Li & Mike Roda.

 

I have also written a few blog posts related to IWA based SSO (including SAS Visual Analytics Guest Access with IWA Fallback) that might be of some use. They are all tagged IWA and listed at https://platformadmin.com/blogs/paul/tag/iwa/

 

Solution
‎02-09-2017 11:20 AM
Contributor
Posts: 20

Re: Single Sign-On configuration for SAS Visual Analytics

Posted in reply to PaulHomes

Hi Paul,

more precisions are necessary :

- OS : Windows Server 2012

- SAS Version : SAS9.4M3

- SSO Mechanism : IWA

 

Now, I succeeded today an operational single sign-on configuration.

Concerning the documentation, here is my feedback:

 

Step 1 : Configure configuration in Active Directory and produce keyab file :

 

Step 2 : SAS Web App Server configuration

 

Step 3 : SAS Metadata Configuration

 

(optional) : Fallback processing (In my organization, Firefoox can't use IWA, so I need to redirect Firefox's users to a prompt credentials screen)

 

Obviously, all these steps are perfectly described in your post Paul :

A recommended step in your post, which I have not yet had time to realize, is to redeploy the Web applications to keep the modifications to the passage of the next maintenance (M4 in my case)

 

In conclusion, my configuration was made quite simply. My main recommendation is to validate the compliance of the Kerberos keytab file with the "kinit" executable before proceeding SAS configuration.

 

Gaétan

PROC Star
Posts: 425

Re: Single Sign-On configuration for SAS Visual Analytics

Hi Gaétan,

 

Great to hear you have it all working now.

 

That's good advice about kinit. When working on complex configurations I think it's always a good idea to confirm that all the lower level pre-requisites are working before moving onto configuring/troubleshooting the higher level components.

 

Cheers

Paul

Trusted Advisor
Posts: 1,312

Re: Single Sign-On configuration for SAS Visual Analytics

Nice summary @Gaetan !

Occasional Contributor
Posts: 5

Re: Single Sign-On configuration for SAS Visual Analytics

Posted in reply to JuanS_OCS

Hi, 

 

We have successfully implemented Web Application Server IWA with fallback to SAS Form Auth. for the SAS VA environment, the only thing that is not working is the delegation of credentials from the middle tier to the server to launch a work-space server, we have been struggling with this for a few weeks now and different settings of krb5.ini file have not worked, 

 

below is the wrapper.log snippet from SASServer1_1 following user1's IWA login into VA Hub and then attempt to launch SAS workspace server, we can see that the initial credentials and delegated but we get hit by this error,

 

INFO   | jvm 1    | 2017/10/25 16:04:27 | Service ticket not found in the subject

 

, we have gone through several kerberos/ java forums and all have vague refrences to this being a KDC/ DNS problem and one realm unable to get a TGS for the a service in another realm.....

 

Have you encountered this kind of problem before and able to help ? Thanks !

 

 

INFO   | jvm 1    | 2017/10/25 16:04:11 | Search Subject for SPNEGO ACCEPT cred (<<DEF>>, sun.security.jgss.spnego.SpNegoCredElement)
INFO   | jvm 1    | 2017/10/25 16:04:11 | Search Subject for Kerberos V5 ACCEPT cred (<<DEF>>, sun.security.jgss.krb5.Krb5AcceptCredential)
INFO   | jvm 1    | 2017/10/25 16:04:11 | Found KeyTab
INFO   | jvm 1    | 2017/10/25 16:04:11 | Entered Krb5Context.acceptSecContext with state=STATE_NEW
INFO   | jvm 1    | 2017/10/25 16:04:11 | Added key: 17version: 3
INFO   | jvm 1    | 2017/10/25 16:04:11 | Added key: 18version: 3
INFO   | jvm 1    | 2017/10/25 16:04:11 | Added key: 23version: 3
INFO   | jvm 1    | 2017/10/25 16:04:11 | Added key: 3version: 3
INFO   | jvm 1    | 2017/10/25 16:04:11 | Added key: 1version: 3
INFO   | jvm 1    | 2017/10/25 16:04:11 | Ordering keys wrt default_tkt_enctypes list
INFO   | jvm 1    | 2017/10/25 16:04:11 | Using builtin default etypes for default_tkt_enctypes
INFO   | jvm 1    | 2017/10/25 16:04:11 | default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
INFO   | jvm 1    | 2017/10/25 16:04:11 | >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
INFO   | jvm 1    | 2017/10/25 16:04:11 | Using builtin default etypes for permitted_enctypes
INFO   | jvm 1    | 2017/10/25 16:04:11 | default etypes for permitted_enctypes: 18 17 16 23 1 3.
INFO   | jvm 1    | 2017/10/25 16:04:11 | >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
INFO   | jvm 1    | 2017/10/25 16:04:11 | object 0: 1508961851001/1026
INFO   | jvm 1    | 2017/10/25 16:04:11 | object 1: 1508961788001/1023
INFO   | jvm 1    | 2017/10/25 16:04:11 | replay cache found.
INFO   | jvm 1    | 2017/10/25 16:04:11 | >>> KrbApReq: authenticate succeed.
INFO   | jvm 1    | 2017/10/25 16:04:11 | >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
INFO   | jvm 1    | 2017/10/25 16:04:11 | >>>Delegated Creds have pname=user1@MOH.XYZ.COM sname=krbtgt/MOH.XYZ.COM@MOH.XYZ.COM authtime=null starttime=20171025181136Z endtime=20171026035744ZrenewTill=20171101175744Z
INFO   | jvm 1    | 2017/10/25 16:04:11 | Krb5Context setting peerSeqNumber to: 1843637646
INFO   | jvm 1    | 2017/10/25 16:04:11 | >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
INFO   | jvm 1    | 2017/10/25 16:04:11 | Krb5Context setting mySeqNumber to: 660599283
INFO   | jvm 1    | 2017/10/25 16:04:11 | 2017-10-25 16:04:11,847 [tomcat-http--53] INFO  com.sas.svcs.security.authentication.gss.GSSCredentialCachingFilter - Received credentials for 'user1'
INFO   | jvm 1    | 2017/10/25 16:04:11 | 2017-10-25 16:04:11,860 [tomcat-http--53] DEBUG com.sas.svcs.security.authentication.gss.GSSCredentialCachingFilter - Using OMIServerPrincipal 'user1'
INFO   | jvm 1    | 2017/10/25 16:04:11 | 2017-10-25 16:04:11,860 [tomcat-http--53] DEBUG com.sas.svcs.security.authentication.gss.GSSCredentialCachingFilter - Cached credential for 'user1' with key 'user1'
INFO   | jvm 1    | 2017/10/25 16:04:11 | 2017-10-25 16:04:11,860 [tomcat-http--53] DEBUG com.sas.svcs.security.authentication.gss.GSSCredentialCachingFilter - Credentials from 'user1' have remaining lifetime of 28412 secs
INFO   | jvm 1    | 2017/10/25 16:04:11 | 2017-10-25 16:04:11,864 [tomcat-http--53] DEBUG com.sas.svcs.security.authentication.gss.GSSCredentialCachingFilter - Put username 'user1' into cache with URL http://hostname.cihs.XYZ.COM:8080/SASLogon/v1/gss/?username=user1
INFO   | jvm 1    | 2017/10/25 16:04:11 | start[1508961851886] time[4] tag[HttpBasedServiceCredentialsAuthenticationHandler]
DEBUG  | wrapperp | 2017/10/25 16:04:15 | send a packet PING : ping
INFO   | jvm 1    | 2017/10/25 16:04:15 | Received a packet PING : ping
INFO   | jvm 1    | 2017/10/25 16:04:15 | Send a packet PING : ok
DEBUG  | wrapperp | 2017/10/25 16:04:15 | read a packet PING : ok
DEBUG  | wrapper  | 2017/10/25 16:04:15 | Got ping response from JVM
DEBUG  | wrapperp | 2017/10/25 16:04:19 | send a packet PING : ping
INFO   | jvm 1    | 2017/10/25 16:04:19 | Received a packet PING : ping
INFO   | jvm 1    | 2017/10/25 16:04:19 | Send a packet PING : ok
DEBUG  | wrapperp | 2017/10/25 16:04:19 | read a packet PING : ok
DEBUG  | wrapper  | 2017/10/25 16:04:19 | Got ping response from JVM
DEBUG  | wrapperp | 2017/10/25 16:04:23 | send a packet PING : ping
INFO   | jvm 1    | 2017/10/25 16:04:23 | Received a packet PING : ping
INFO   | jvm 1    | 2017/10/25 16:04:23 | Send a packet PING : ok
DEBUG  | wrapperp | 2017/10/25 16:04:23 | read a packet PING : ok
DEBUG  | wrapper  | 2017/10/25 16:04:23 | Got ping response from JVM
INFO   | jvm 1    | 2017/10/25 16:04:27 | 2017-10-25 16:04:26,970 [tomcat-http--12] DEBUG com.sas.svcs.security.authentication.gss.GSSController - Got credential for 'user1'
INFO   | jvm 1    | 2017/10/25 16:04:27 | 2017-10-25 16:04:26,970 [tomcat-http--12] DEBUG com.sas.svcs.security.authentication.gss.GSSController - Using SPN: HTTP/hostname.cihs.XYZ.COM
INFO   | jvm 1    | 2017/10/25 16:04:27 | Entered Krb5Context.initSecContext with state=STATE_NEW
INFO   | jvm 1    | 2017/10/25 16:04:27 | Service ticket not found in the subject
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> Realm doInitialParse: cRealm=[MOH.XYZ.COM], sRealm=[CIHS.XYZ.COM]
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> Realm parseCapaths: no cfg entry
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> Credentials acquireServiceCreds: main loop: [0] tempService=krbtgt/CIHS.XYZ.COM@MOH.XYZ.COM
INFO   | jvm 1    | 2017/10/25 16:04:27 | Using builtin default etypes for default_tgs_enctypes
INFO   | jvm 1    | 2017/10/25 16:04:27 | default etypes for default_tgs_enctypes: 18 17 16 23 1 3.
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
INFO   | jvm 1    | 2017/10/25 16:04:27 | getKDCFromDNS using UDP
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> KrbKdcReq send: kdc=abc.moh.XYZ.COM. TCP:88, timeout=30000, number of retries =3, #bytes=1629
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> KDCCommunication: kdc=abc.moh.XYZ.COM. TCP:88, timeout=30000,Attempt =1, #bytes=1629
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>>DEBUG: TCPClient reading 1573 bytes
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> KrbKdcReq send: #bytes read=1573
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> KdcAccessibility: remove abc.moh.XYZ.COM.:88
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> Credentials acquireServiceCreds: no tgt; searching backwards
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> Credentials acquireServiceCreds: inner loop: [1] tempService=krbtgt/XYZ.COM@MOH.XYZ.COM
INFO   | jvm 1    | 2017/10/25 16:04:27 | Using builtin default etypes for default_tgs_enctypes
INFO   | jvm 1    | 2017/10/25 16:04:27 | default etypes for default_tgs_enctypes: 18 17 16 23 1 3.
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
INFO   | jvm 1    | 2017/10/25 16:04:27 | getKDCFromDNS using UDP
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> KrbKdcReq send: kdc=abc.moh.XYZ.COM. TCP:88, timeout=30000, number of retries =3, #bytes=1622
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> KDCCommunication: kdc=abc.moh.XYZ.COM. TCP:88, timeout=30000,Attempt =1, #bytes=1622
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>>DEBUG: TCPClient reading 100 bytes
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> KrbKdcReq send: #bytes read=100
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> KdcAccessibility: remove abc.moh.XYZ.COM.:88
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> KDCRep: init() encoding tag is 126 req type is 13
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>>KRBError:
INFO   | jvm 1    | 2017/10/25 16:04:27 |                  sTime is Wed Oct 25 16:04:26 EDT 2017 1508961866000
INFO   | jvm 1    | 2017/10/25 16:04:27 |                  suSec is 739644
INFO   | jvm 1    | 2017/10/25 16:04:27 |                  error code is 7
INFO   | jvm 1    | 2017/10/25 16:04:27 |                  error Message is Server not found in Kerberos database
INFO   | jvm 1    | 2017/10/25 16:04:27 |                  realm is MOH.XYZ.COM
INFO   | jvm 1    | 2017/10/25 16:04:27 |                  sname is krbtgt/XYZ.COM
INFO   | jvm 1    | 2017/10/25 16:04:27 |                  msgType is 30
INFO   | jvm 1    | 2017/10/25 16:04:27 | >>> Credentials acquireServiceCreds: no tgt; cannot get creds
INFO   | jvm 1    | 2017/10/25 16:04:27 | KrbException: Fail to create credential. (63) - No service creds
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:299)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:456)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:641)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:852)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:317)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.security.jgss.JGSSDelegation.initSecContext(JGSSDelegation.java:192)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.svcs.security.authentication.gss.GSSController.gss(GSSController.java:69)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at java.lang.reflect.Method.invoke(Method.java:606)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:685)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:919)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:851)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:855)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:115)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:44)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.svcs.security.authentication.tickets.PlainTextFilter.doFilterInternal(PlainTextFilter.java:76)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.svcs.security.authentication.session.SessionFilter.doFilter(SessionFilter.java:34)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.svcs.security.authentication.customization.CustomizationFilter.doFilterInternal(CustomizationFilter.java:138)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.svcs.security.authentication.direct.DirectAuthenticationFilter.doFilterInternal(DirectAuthenticationFilter.java:130)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.framework.webapp.servlet.ResponseHeaderFilter.onDoFilter(ResponseHeaderFilter.java:102)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.framework.webapp.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.vfabrictcsvr.authenticator.SasFallbackAuthenticatorValve.invoke(SasFallbackAuthenticatorValve.java:137)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at java.lang.Thread.run(Thread.java:745)
INFO   | jvm 1    | 2017/10/25 16:04:27 | 2017-10-25 16:04:27,010 [tomcat-http--12] ERROR com.sas.security.jgss.JGSSDelegation - There was an error during the security context initiation
INFO   | jvm 1    | 2017/10/25 16:04:27 | GSSException: No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds))
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:453)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.security.jgss.JGSSDelegation.initSecContext(JGSSDelegation.java:192)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.svcs.security.authentication.gss.GSSController.gss(GSSController.java:69)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at java.lang.reflect.Method.invoke(Method.java:606)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:685)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:919)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:851)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:855)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at javax.servlet.http.HttpServlet.service(HttpServlet.java:646)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(SafeDispatcherServlet.java:115)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advice(SafeDispatcherServlet.java:44)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:1)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.svcs.security.authentication.tickets.PlainTextFilter.doFilterInternal(PlainTextFilter.java:76)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.svcs.security.authentication.session.SessionFilter.doFilter(SessionFilter.java:34)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.svcs.security.authentication.customization.CustomizationFilter.doFilterInternal(CustomizationFilter.java:138)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:63)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.svcs.security.authentication.direct.DirectAuthenticationFilter.doFilterInternal(DirectAuthenticationFilter.java:130)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.framework.webapp.servlet.ResponseHeaderFilter.onDoFilter(ResponseHeaderFilter.java:102)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.framework.webapp.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:82)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:106)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at com.sas.vfabrictcsvr.authenticator.SasFallbackAuthenticatorValve.invoke(SasFallbackAuthenticatorValve.java:137)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:683)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1070)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:314)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at java.lang.Thread.run(Thread.java:745)
INFO   | jvm 1    | 2017/10/25 16:04:27 | Caused by: GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:710)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:852)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:317)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 ... 80 more
INFO   | jvm 1    | 2017/10/25 16:04:27 | Caused by: KrbException: Fail to create credential. (63) - No service creds
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:299)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:456)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:641)
INFO   | jvm 1    | 2017/10/25 16:04:27 |                 ... 84 more

SAS Employee
Posts: 283

Re: Single Sign-On configuration for SAS Visual Analytics

Posted in reply to 123456789123456

@123456789123456,

 

First of all, make sure that the object spawner account has the trusted for delegation privilege.

☑ This topic is solved.

Need further help from the community? Please ask a new question.

Discussion stats
  • 8 replies
  • 1387 views
  • 10 likes
  • 6 in conversation