Verify the configuration
The following checks can be executed to verify the configuration:
1. Run the setspn tool to see that the requested SPN is not duplicate. If it is duplicate, Single Sign On will not work:
setspn -T * -X
2. List the keytab and see that the content is as expected. Use java's klist:
<install>\Planon*\Server\jdk-*\bin\klist -t -K -e -k <your keytab filename including path>
Example outcome with keytab=tomcat.keytab:
Key tab: tomcat.keytab, 1 entry found.
[1] Service principal: HTTP/HostName.planon.com@PLANON.COM
KVNO: 0
Key type: 23
Key: 0x4e150649cdf4b2b394ccefbcd08d709a Time stamp: Jan 01, 1970 01:00
3. Try to login with the keytab using java's kinit:
PathTo\Server\jdk-*\bin\kinit -t PathTo\Tomcat.keytab HTTP/HostName.planon.com@PLANON.COM
If successful the return message for this call will be:
“New ticket is stored in cache file:…”