Answer:

The following error is noticed in the jespa.log file:

jespa.security.SecurityProviderException: Token Type:WRAPPED_LEGACY_KRB Failure unspecified at GSS-API level (Mechanism level: Encryption type RC4 with HMAC is not supported/enabled)

This error indicates that, based on the settings of your domain, the end user and EasySSO attempted to authenticate using RC4 encryption, but the underlying JVM does not support or has not enabled this weaker encryption type.

This can sometimes start occurring after an upgrade to the underlying Confluence or Jira instance, since they bundle newer versions of Java as part of their default installation.

To fix this issue, you need to ensure that the computer account responsible for Kerberos authentication is configured to use a stronger encryption type.

To update this configuration, you can set the msDS-SupportedEncryptionTypes attribute on the computer account to 24 (0x18). This can be updated either using a Group Policy Object, or manually:

  1. Open Active Directory Users and Computers.
  2. Select View/Advanced Features.
  3. Locate the computer record in Computers.
  4. Double-click the record to open Properties, then select the Attribute Editor tab.
  5. Find msDS-SupportedEncryptionTypes and set it to 24 (0x18).

(see: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/decrypting-the-selection-of-supported-kerberos-encryption-types/ba-p/1628797)
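
The same check and change can be scripted with the ActiveDirectory PowerShell module; this is an added example, not part of the EasySSO documentation. The computer name `EASYSSO-HOST` is a hypothetical placeholder, the sample mask values are constructed, and `-WhatIf` is left on so nothing is written until you remove it.

```powershell
# Bit values of msDS-SupportedEncryptionTypes that select Kerberos encryption types.
$EncTypeBits = [ordered]@{
    'DES-CBC-CRC'             = 0x01
    'DES-CBC-MD5'             = 0x02
    'RC4-HMAC'                = 0x04
    'AES128-CTS-HMAC-SHA1-96' = 0x08
    'AES256-CTS-HMAC-SHA1-96' = 0x10
}

function ConvertFrom-EncTypeMask {
    # Decode the attribute's integer value into the encryption types it enables.
    param([int]$Mask)
    if ($Mask -eq 0) { return @('(not set)') }
    $names = foreach ($entry in $EncTypeBits.GetEnumerator()) {
        if ($Mask -band $entry.Value) { $entry.Key }
    }
    return @($names)
}

# Constructed sample values: unset, RC4 only, RC4 plus AES, and the target 24 (0x18).
foreach ($sample in 0, 4, 28, 24) {
    '{0,2} (0x{0:X2}) = {1}' -f $sample, ((ConvertFrom-EncTypeMask $sample) -join ', ')
}

$ComputerName = 'EASYSSO-HOST'   # hypothetical: the computer account EasySSO authenticates with
$TargetMask   = 24               # 0x18 = AES128 + AES256, the value given above

# The directory part only runs where the ActiveDirectory (RSAT) module is installed.
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $account = Get-ADComputer -Identity $ComputerName -Properties 'msDS-SupportedEncryptionTypes'
    $current = [int]$account.'msDS-SupportedEncryptionTypes'   # $null (unset) becomes 0
    "Current value on ${ComputerName}: $current = $((ConvertFrom-EncTypeMask $current) -join ', ')"

    if ($current -ne $TargetMask) {
        # Remove -WhatIf to apply the change.
        Set-ADComputer -Identity $ComputerName `
            -Replace @{ 'msDS-SupportedEncryptionTypes' = $TargetMask } -WhatIf
    }
    else {
        "$ComputerName already advertises AES128 and AES256 only; no change needed."
    }
}
```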