HI, I face an issue trying to set IWA auth for users. IWA is functional for web application, but i'am unable to start workspace via SASStudio application or via EG. My configuration : -Middle tier, meta, compute on three separate Linux server (RH) -Workspace server is bind to an LDAP directory via PAM. -Kerberos binding to AD is functionnal (other middle tier app starts well with IWA) As you see below, the kerberos auth and delegation seems ok, but the workspace don't start. I guess that I face a user mismatch between the AD and the Ldap (users are lowercase in the ldap eg :"albert") I wonder if there is a way to bind the username returned by the iwa auth with the ldap user as this one is used to launch the workspace. Or maybe I'am going the wrong way ??? Here is the ObjectSpawer logs (user have been changed) 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >metaserver< (Standard options) 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >bifrmetadev.compagny.fr< 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >metaport< (Standard options) 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >8561< 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >metarepository< (Standard options) 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >Foundation< 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >locale< (Client requirement) 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >fr_FR< 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >objectserver< (Standard options) 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >objectserverparms< (Standard options) 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >protocol=bridge spawned spp=43996 cid=0 dnsmatch=bifrcompdev.agf.fr pb classfactory=440196D4-90F0-11D0-9F41-00A024BB830C server=OMSOBJ:SERVERCOMPONENT/A5MARO40.AY000009 cel=credentials recon< 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - Environment variables are: 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >METAUSER< 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >ALBERT @!*(generatedpassworddomain)*!< 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >METAPASS< 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - >********< 2019-04-12T14:27:54,760 DEBUG [00000057] :ALBERT - Obtained krb5 ccache handle: 7fb898021630 2019-04-12T14:27:54,812 DEBUG [00000057] :ALBERT - Freed krb5 ccache handle: 7fb898021630 2019-04-12T14:27:54,813 ERROR [00000057] :ALBERT - Access denied. 2019-04-12T14:27:54,813 ERROR [00000057] :ALBERT - The launch of server SASApp - Workspace Server for user ALBERT failed. Here is the sasauth-debug.logcat 20190412-14:40:25 Authenticating user ALBERT via GSS 20190412-14:40:25 Context username: ALBERT @GROUPE.COMPAGNY.FR 20190412-14:40:25 Context username length: 24 20190412-14:40:25 Server Name: SAS/bifrcompdev.compagny.fr@GROUPE.COMPAGNY.FR 20190412-14:40:25 Unknown user when getting user attributes. 20190412-14:40:25 User ALBERT did not authenticate. Reason: 'Unspecified reason.' (gss) 20190412-14:40:25 Request failed: 'User did not authenticate.'
... View more