Sun OpenSSO Enterprise 8.0 Deployment Planning Guide

Authentication Doesn't Work with Load Balancer

The Windows Desktop SSO Authentication module worked fine. Then it stopped working after the OpenSSO Enterprise server was configured as a server in a site configuration with a load balancer. .

The following message trace is displayed in the server-side debug log amAuthWindowsDesktopSSO:

02 a6 ff 1d 1c 3c e2 dc d4 89 66 b0 70 dd 6b b0
c1 a4 69 bd 29 29 54 05 04 e8 75
06/25/2007 09:13:56:559 AM PDT: Thread[service-j2ee,5,main]
In authenticationToken ...
06/25/2007 09:13:56:561 AM PDT: Thread[service-j2ee,5,main]
Context created.
06/25/2007 09:13:56:565 AM PDT: Thread[service-j2ee,5,main]
Authentication failed with GSSException.

You will also see a bigger Kerberos token than a normal token. Be sure the defined principal for the OpenSSO Enterprise server has load balancer fully-qualified domain name (FQDN). Example: HTTP/amlb.