Troubleshooting
This section describes the issues and their solutions while utilizing the Kerberos SSO mechanism.
Table: Kerberos SSO Troubleshooting
| Issue | Reason | Solution |
The following message appears while logging in with
SSO.Login Failure: SPNEGO authentication is not supported on this client. | The browser is not configure to handle SPNEGO authentication | Configure the browser to perform SPNEGO
authentication. For more information about configuring the
browser settings, refer Configuring
browsers. |
The following message appears while logging in with
SSO.Login Failure: Unauthorized to SSO Login. |
| Ensure that the following points are considered:
For more information about configuring user role, refer Importing
Users and assigning role. |
The following error appears while logging in with
SSO.Login Failure: Please contact System Administrator | The JWT secret key is not the same between the appliances. | If an appliance is using an LDAP of another appliance for user authentication, then ensure that the JWT secret is shared between them. |
The following error appears while logging in with
SSO.Login Failure: SSO authentication disabled | This error might occur when you are using LDAP of another appliance for authentication. If SSO in the appliance that contains the LDAP information is disabled, this error message appears. | On the ESA Web UI, navigate to System > Settings > Users > Advanced and check Enable SSO check box. |
| When you are using an LDAP of another appliance for authentication and logging in using SSO, a Service not available message appears on the Web browser. |
| Ensure the following:
|