Question

SSO works, but typing username and password for AD users does not.

  • 23 August 2023
  • 1 reply
  • 41 views

We have recently upgraded FME Flow from 2022 to 2023, which resulted in SSO no longer working.

After changing the necessary encryption types in the service account on the AD server, we managed to get SSO working again.

However, typing the AD username and password does not work.

The web GUI gives the error: "Login failed, please try again."

And the error in fmedirectoryserver.log is as follows:

Wed-23-Aug-2023 08:57:37.521 AM   INFORM   requesthandler   408039 : Authenticating user "******@*******.ORG" using SASL mechanism "GSSAPI" with KDC address "******.*******.org" and realm "*******.ORG"...
Wed-23-Aug-2023 08:57:37.778 AM   ERROR    requesthandler   408010 : Exception: "LDAPException(resultCode=49 (invalid credentials), diagnosticMessage='80090346: LdapErr: DSID-0C0905D2, comment: AcceptSecurityContext error, data 80090346, v4563
Wed-23-Aug-2023 08:57:37.779 AM   ERROR    requesthandler   408009 : Failed to authenticate user "******@*******.ORG".
Wed-23-Aug-2023 08:57:37.792 AM   ERROR    system-event-client-7   410405 : System event SYSTEMEVENT_ERROR_LOG failed to submit: Error parsing parameter syseventObject of type IFMESYSTEMEVENT when value was <?xml version="1.0" encoding="UTF-8"?>
<SE_SUBMIT><SYSEVENT><name>SYSTEMEVENT_ERROR_LOG</name><body>Exception: "LDAPException(resultCode=49 (invalid credentials), diagnosticMessage='80090346: LdapErr: DSID-0C0905D2, comment: AcceptSecurityContext error, data 80090346, v4563&#0;', ldapSDKVersion=4.0.14, revision=c0fb784eebf9d36a67c736d0428fb3577f2e25bb)"</body><HEADER><HEADERENTRY name="source" value="c3lzdGVtLWV2ZW50"/><HEADERENTRY name="time" value="MjAyMy0wOC0yM1QwODo1NzozNyswMjowMA=="/></HEADER></SYSEVENT></SE_SUBMIT>.

If I disable SSO in "Windows Active Directory", regular sign-in works again.

The machine is hosted in Azure, and HTTPS is set up with an application gateway. I have therefore changed the SINGLE_SIGN_ON_AUTH_URL in the Tomcat properties file to the same URL we use to reach the server (https://fme.*******.no/fmetoken/sso/generate), but the error persists.
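
The log excerpt above is the key evidence in this thread: resultCode 49 is the generic "invalid credentials" LDAP result, but the "data" sub-code that Active Directory appends to the diagnostic message (here 80090346) distinguishes a channel-binding rejection from a plain wrong password. The following PowerShell is an added example for triaging fmedirectoryserver.log, not code from the post or from Safe Software; the two log lines it parses are constructed for the example (with placeholder user and host names), and the sub-code table is Active Directory's standard AcceptSecurityContext mapping.

```powershell
# Added example: classify AD bind failures in fmedirectoryserver.log by the
# "data" sub-code that Active Directory appends to the LdapErr diagnostic.
# The sample log below is constructed for this example (placeholder names).

$SampleLog = @'
Wed-23-Aug-2023 08:57:37.521 AM   INFORM   requesthandler   408039 : Authenticating user "user@EXAMPLE.ORG" using SASL mechanism "GSSAPI" with KDC address "dc1.example.org" and realm "EXAMPLE.ORG"...
Wed-23-Aug-2023 08:57:37.778 AM   ERROR    requesthandler   408010 : Exception: "LDAPException(resultCode=49 (invalid credentials), diagnosticMessage='80090346: LdapErr: DSID-0C0905D2, comment: AcceptSecurityContext error, data 80090346, v4563
Wed-23-Aug-2023 09:02:11.004 AM   ERROR    requesthandler   408010 : Exception: "LDAPException(resultCode=49 (invalid credentials), diagnosticMessage='80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v4563
'@

# AD sub-codes for resultCode 49. 80090346 is SEC_E_BAD_BINDINGS: the domain
# controller requires an LDAP channel binding token (CBT) and the client did
# not present a valid one. The others are ordinary account/password causes.
$BindFailureCodes = @{
    '80090346' = 'SEC_E_BAD_BINDINGS: DC enforces LDAP channel binding (LdapEnforceChannelBinding=2); client sent no valid CBT'
    '52e'      = 'Wrong password'
    '525'      = 'User not found'
    '530'      = 'Logon not permitted at this time'
    '531'      = 'Logon not permitted from this workstation'
    '532'      = 'Password expired'
    '533'      = 'Account disabled'
    '701'      = 'Account expired'
    '773'      = 'User must reset password'
    '775'      = 'Account locked out'
}

function Get-LdapBindFailure {
    # Emits one object per log line that carries an AcceptSecurityContext sub-code.
    param([Parameter(ValueFromPipeline)][string]$Line)
    process {
        if ($Line -match 'AcceptSecurityContext error, data (?<code>[0-9A-Fa-f]+)') {
            $code = $Matches['code'].ToLower()
            $meaning = 'Unknown sub-code; check the AD error table'
            if ($BindFailureCodes.ContainsKey($code)) { $meaning = $BindFailureCodes[$code] }
            [pscustomobject]@{
                Timestamp = ($Line -split '\s{2,}')[0]
                Code      = $code
                Meaning   = $meaning
            }
        }
    }
}

# Run over the constructed sample; against a real install, replace the first
# stage with: Get-Content .\fmedirectoryserver.log
$SampleLog -split "`r?`n" | Get-LdapBindFailure | Format-Table -AutoSize
```

Reading the output this way separates the two questions the poster is asking: the 80090346 line means the domain controller rejected the bind because of its channel binding policy, whereas a 52e line would point at the credentials themselves. Seeing only 80090346 for password logins, while SSO (which does not go through this SASL bind) keeps working, is consistent with the reply below.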

1 reply


Hi @andersf,

Thank you for sharing your log. Unfortunately, this error is a result of Channel Binding being set to Always. We don't yet support channel binding, but if LdapEnforceChannelBinding is set to "When supported", it should succeed. Please see this Community Article for more information.


Hope this helps,

Kezia

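
The setting the reply refers to lives in the registry of each domain controller, under the NTDS service parameters, and takes the values 0 (Never), 1 (When supported) and 2 (Always). The following PowerShell is an added example of checking that value and changing it to "When supported"; it is not code from the thread or from Safe Software. It assumes it is run in an elevated session on the domain controller named in the KDC address of the log (or on every DC that FME Flow may bind to), and that the Directory Service event log is available for the optional check at the end.

```powershell
# Added example: inspect and relax LDAP channel binding enforcement on a DC.
# Assumptions: elevated PowerShell on the domain controller FME Flow binds to.

$Key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$Name   = 'LdapEnforceChannelBinding'
$Levels = @{ 0 = 'Never'; 1 = 'When supported'; 2 = 'Always' }

function Get-LdapChannelBindingLevel {
    # Returns the configured level as "n (label)", or a note if the value is absent.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not set (the OS default applies)' }
    $v = [int]$item.$Name
    if ($Levels.ContainsKey($v)) { return "$v ($($Levels[$v]))" }
    return "$v (unrecognised value)"
}

"Before: $(Get-LdapChannelBindingLevel)"

# 2 (Always) rejects any bind that arrives without a valid channel binding
# token, which is what produced "data 80090346" in the FME log. 1 (When
# supported) still validates a CBT when the client sends one, but accepts
# clients that do not send one at all, so the FME Flow GSSAPI bind succeeds.
Set-ItemProperty -Path $Key -Name $Name -Value 1 -Type DWord

"After:  $(Get-LdapChannelBindingLevel)"

# Optional: Directory Service event 3039 records binds that failed channel
# binding token validation, which lets you confirm which client IPs were
# being rejected and whether any remain after the change.
Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 3039 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Two practical caveats. First, the value is per domain controller, so apply it on every DC the FME Flow server can reach, not only the one in the log. Second, this is a deliberate weakening: at level 1 a client that never sends a channel binding token is no longer protected by it, so the relay-style attacks that channel binding exists to stop remain possible for such clients. Treat the change as scoped to this application and revisit it once FME Flow supports channel binding.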