Closed prutheus closed 1 year ago
Hi @prutheus!
I think your problem is that the new JDK does not support RC4. Try using `allow_weak_crypto = true` in the `krb5.conf` to allow it. Keycloak does not select the alg to connect to the AD/Kerberos server. That depends on the keytab and configuration on the Kerberos server. Usually you need to configure something in the AD for that user and regenerate the keytab. See for example this thread: https://stackoverflow.com/questions/70774313/jdk-17-java-17-kerberos-authentication-fail
Nevertheless, try using the Keycloak user group instead of issues for these kinds of questions. Issues are intended for bugs that are reproducible and devs can start working on them.
@rmartinc Thanks for the hint to the user.
I am closing as this doesn't look like a Keycloak issue, but rather related to the platform and/or Kerberos configuration. If you still think that it is a Keycloak issue, please add the configuration of your `krb5.conf` files (at least the encryption algorithms used) as well as your KDC configuration. Also please add the Java version (and vendor) you use. Also note you can enable some additional logging as described in the troubleshooting section https://www.keycloak.org/docs/latest/server_admin/index.html#troubleshooting
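The comment above asks for the encryption settings from `krb5.conf`. As an added example (not part of the thread and not Keycloak code), this Python sketch pulls them out of `[libdefaults]` and flags weak enctypes. The sample file is constructed, and the `ignored` field assumes the JDK 17+ behaviour of disabling RC4, 3DES and DES unless `allow_weak_crypto = true`.

```python
import re

# Enctype names the JDK 17+ release notes treat as weak (disabled unless
# allow_weak_crypto = true); common RC4 aliases are included.
WEAK = {"rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5",
        "des3-hmac-sha1", "des3-cbc-sha1", "des-cbc-crc", "des-cbc-md5"}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

# Constructed sample, not taken from the issue.
SAMPLE = """\
[libdefaults]
    default_realm = EXAMPLE.COM
    default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
    permitted_enctypes = aes256-cts-hmac-sha1-96, aes128-cts-hmac-sha1-96
[realms]
    EXAMPLE.COM = { kdc = kdc.example.com }
"""

def parse_libdefaults(text):
    """Return the key/value pairs of the [libdefaults] section."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            values[key] = value
    return values

def audit(text):
    """Summarise the encryption-related settings of a krb5.conf."""
    cfg = parse_libdefaults(text)
    allow_weak = cfg.get("allow_weak_crypto", "false").lower() in ("true", "yes", "on")
    enctypes = {k: [n for n in re.split(r"[\s,]+", cfg.get(k, "").lower()) if n]
                for k in ENCTYPE_KEYS}
    weak_listed = sorted({n for names in enctypes.values() for n in names if n in WEAK})
    return {
        "allow_weak_crypto": allow_weak,
        "enctypes": enctypes,          # empty list = key not set, defaults apply
        "weak_listed": weak_listed,
        # Listed but unusable while allow_weak_crypto is off (assumed JDK 17+ behaviour).
        "ignored": [] if allow_weak else weak_listed,
    }

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A non-empty `weak_listed` with `allow_weak_crypto` off matches the symptom in this issue; moving the AD account and keytab to AES removes the need for RC4 instead of re-enabling it.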
Area
token-exchange
Describe the bug
I have a Keycloak instance running via Docker. I want to use Kerberos authentication. However, it seems to use a wrong encryption method. When trying to log in via Keycloak on a Windows Kerberos PC, I get the following exception in the Keycloak logs:
I have Keycloak v21.0.2 deployed. Why is the latest version trying to do some outdated `RC4-HMAC` encryption? However, my keytab only supports `aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96` but was generated with `/crypto all`. How to configure Keycloak to use AES for Kerberos? Or what to do to resolve this issue?
Version
21.0.2
Expected behavior
Kerberos authentication works as it uses AES
Actual behavior
Kerberos authentication fails with `KrbException: Encryption type RC4 with HMAC is not supported/enabled`
How to Reproduce?
/-
Anything else?
No response