Migrating from shibboleth 2.x to 3.2. IDP server is Windows. Java jre1.8.0_66. I'm using kerberos for logon page authentication. I have a new keytab generated for 3.2 test server with krb5.ini, krb5-authn-config.xml and password-authn-config.xml configured. When I authenticate against the IDP, I receive "Login Failure: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))". When I look in the Active Directory security logs I have a successful pre-authentication logon. The IDP host name is in our DNS.
Here is how I'm pointing to the keytab file in krb5-authn-config.xml. Not sure if syntax is correct?
Also tried to absolute path c:_0="C:\Program Files (x86)\Shibboleth\IdP\credentials\aridp01-test.keytab" forward and backslash.
Her is the error in the process log.
2015-12-10 09:47:54,127 - WARN [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstKerberos:215] - Profile Action ValidateUsernamePasswordAgainstKerberos: Login by <username> failed during GSS context establishment to verify KDC
org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))
at sun.security.jgss.krb5.Krb5Context.initSecContext(Unknown Source)
Caused by: sun.security.krb5.KrbException: Server not found in Kerberos database (7)
at sun.security.krb5.KrbTgsRep.<init>(Unknown Source)
Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(Unknown Source)