Christophs Weblog

Vierundzwanzig sind zu wenig

Single-Sign-On using Apache AuthType Kerberos

When you extend your kerb.keytab to accept additional HTTP service names, you might get the following error in your Apache webserver logs:

gss_accept_sec_context() failed: Invalid token was supplied (, No error)

If you’re sure that everything is (should be) configured correctly and you cannot explain why it’s still not working …

… then WAIT.

It might be due to a delayed ActiveDirectory replication, caching, or something totally different. I haven’t digged into it, but it worked for me ūüôā

Christophs Weblog © 2009-2017