This error is generally received if the KRB5.conf doesn't have a correct domain or cross-domain information. Below are some possible causes and their solutions:
a) To check if domain is correct or incorrect-
- Open the krb5.conf from <Spotfire Server Install>\jdk\jre\lib\security\ for Spotfire Server 10.2 and lower and <Spotfire Server Install>tomcat\spotfire-config for 10.3 and higher
- Make sure that the Krb5.conf has the correct domain realm information e.g
========
[libdefaults]
default_realm = TSSTEST.LAB
default_keytab_name = spotfire.keytab
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
forwardable = true
[realms]
TSSTEST.LAB = {
kdc = tsstest.lab
admin_server = tsstest.lab
default_domain = tsstest.lab
}
[domain_realm]
.tsstest.lab = TSSTEST.LAB
tsstest.lab = TSSTEST.LAB
[appdefaults]
autologin = true
forward = true
forwardable = true
encrypt = true
========
b) When multiple domains are used and if krb5.conf file misses the multiple domain information:
Refer to the below KB article for detailed example on krb5.conf file
https://support.tibco.com/s/article/Configuring-krb5-conf-when-setting-up-Kerberos-authentication-across-multiple-domainsc) When cross-realm authentication is used, and the krb5.conf file misses the information required for the redirection. Review the below link for more information on how to set the paths:
https://docs.oracle.com/cd/E19253-01/816-4557/setup-87/index.html