Skip to Content

HTTP Status 500 – com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: GSSException:


While logging into the BI launchpad after configuring the BOBJ server, it throws the below error.

Error message:

HTTP Status 500 – com.wedgetail.idm.sso.ProtocolException: com.wedgetail.idm.spnego.server.SpnegoException: GSSException:
Failure unspecified at GSS-API level (Mechanism level:
Successfully matched service principal “XXXXXX”  but not key type (18) + KVNO (4) in this entry: Principal: [1] XXXXXX
TimeStamp: Thu Jan 01 01:00:00 GMT 1970 KVNO: -1 EncType: 23 Key: 16 bytes, fingerprint = [97 34 3b e6 82 44 5f fc cf 24 a3 a8 d2 c8 f1 94] )


The BOBJ server was a image copy of another BOBJ server and hence the SPN and Kerbros keytab files were already configured with SSO. But in the new system since the SPN and keytab entries are not set up, these old entries along with SSO enabled set up will not work. It will always throw this error, when we try to launch BI launchpad.


Need to set SSO.Enabled=false in Global.Properties file at installation directory\tomcat\webapps\BOE\WEB-INF\config\custom .

After setting , need to restart Tomcat to get the changes in effect.

Hope this helps..

You must be Logged on to comment or reply to a post.
  • We had this on a new installation of BI4.1 SP05, and we could not find anything wrong with the configuration.

    It did the trick! It’s working now.

    Thank, that’s amazing!

  • Hi Manna,

    From my experience, the HTTP 500 error may come from a kind of a “time out” of Tomcat trying to get the delegation for the SSO user. If you have a large domain, make sure to add the maxHttpHeaderSize parameter into Tomcat’s server.xml. Also, if you have many DC’s, that are spread in different physical sites, add the   to Tomcat’s and to Tomcat’s Java options. Last – make sure all setspn you have for HTTP sites are correct. I once had this issue with misspelled domain name in the machine’s FQDM.

    Hope this helps, Hagit