Kerberos and SSO

 
Author
Message
PRE
Super SysAider
50
 
You can spare your effort and time to call SysAid, since they aren't able to help you anyway.

We've the same problem (GSSException: Failure unspecified at GSS-API level) and I opened a support case about three month ago. There was several tries in remote session to solve this, but they didn't fix it. The least I heard from SysAid was, that they are reviewing the log files (again, was done already three times before) and our group policies. Since one month I didn't get any answer anymore. Meanwhile I don't believe in a solution anymore and I'm disappointed.

This message was edited 1 time. Last update was at Dec. 07, 2013 05:24 PM

SysAid Customer Relations
36
 
Dear Pre,

First of all we'd like to thank you for you're feedback.

In you're specific case we understand that due to A unique 'Active Directory' configuration (Kerberos with AES-256 encryption) SSO using Kerberos isn't working, we'd like to emphasize this isn't the case for most of our customers who tried setting up SSO using Kerberos and succeeded.

Like any software vendor we know that there will always be unique cases where our software interacts with 3rd party software, these unique cases will always take longer then usual as they differ from common configurations and sometimes even require assistance from the 3rd party software vendor.

With that being said we will still try and do our utmost in solving you're issue with SSO using Kerberos with AES-256.

Kind Regards,
Danny Gueta.
JSH
SysAider
47
 
Hi,

I know this is a very old thread, but today our NTLM SSO stopped working and I am now trying to setup Kerberos instead.

I believe we have it running - more or less - after a lot of trial and errors. eg. the AES_256 error.

We get the logon-page and manually able to logon on (if we remember to use upper or lower case in username)

But like most of you, I would like to have it working without logging in manually and use SSO.

Were any of you able to make it work? -

We are running SysAid v.16.3.16
Super SysAider
53
 
Hi,
as some time passed over, NTLMv1 is an obsolete and vulnerable protocol. In network environments with standard security level NTLMv1 is forbidden at all. So we face the necessity change SysAit to other SW if this problem wouldn't be solved in short time. Is anybody of you using SysAid using SSO on NTLMv2 or Kerberos?
I welcome every advice.

Thanks,

Karel
SysAider
1
 
We also have had zero success implementing Kerberos, have an open ticket with SysAid.

FYI, version 19 on premise has broken NTLMv1 which we were using on version 18. Installing ADFS onto the domain seems like a sledgehammer approach just to get SysAid doing SSO again. Apparently using IIS is an option to help SSO work, can we get some guidance for this please?
Super SysAider
53
 
Hi,
if the NTLMv1 wouldn't be functional in production version 19 there is no way to upgrade. The ADFS isn't possible solution for us. I assume KERBEROS as authentication standard. Where are problems for SysAid?
I am not a programmer, but I see many step-by-step guides how to configure environment for KERBEROS, like this.
https://examples.javacodegeeks.com/enterprise-java/tomcat/apache-tomcat-kerberos-authentication-tutorial/

What SysAid recomeds for us? We are forced to stay on version 18 forever?

Thanks.