I have been trying to configure Kerberos SSO constrained delegation with AD and RSA. My Auth Server is RSA and the user authenticates successfully. When I try to access a web resource I am getting a validation failed message when the SA2500 (6.5r4) tries to get a Kerberos ticket. See log below ...
- WebRequest completed, GET to http://x.qqq.com:80// from 192.168.3.4 result=401 sent=14 received=1656 in 1 seconds
- Fetch Kerberos TGT for user xxx, realm qqq.com failed: Credential validation failed against dc.qqq.com
- WebRequest ok : Host: x.com, Request: GET / HTTP/1.1
- Login succeeded for xxx/yyy Realm from a.b.c.d.
The SSO is set up to use constrained delegation and the Active Directory delegate user is configured correctly.
I can't find any information on the "Credential Validation Failed" message.
Have you seen this before?
Any help would be appreciated.
Did you find what was causing this error message ?