Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-4494

AcquireCredentialsHandle: The token supplied to the function is invalid

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.24.1
    • Affects Version/s: 1.23.0
    • Component/s: Compass
    • None
    • Environment:
      Windows 7 Enterprise SP1
      running in a Active Directory domain forest
    • Not Needed

      Problem Description

      When logging in with Kerberos error messages on token validity show up which differ dependent on using url or explicit parametrization. App is then non-functional. Despite error message embedded MongoDB shell seems to work. Issuing a valid command through shell and refreshing the data makes the app behalf normally.

       

      Steps to Reproduce

      When logging from New Connection screen with url

       

      mongodb://<user>%40<REALM>:@mongodb:27017/?gssapiServiceName=mongodb&authMechanism=GSSAPI&readPreference=primary&authSource=%24external&appname=MongoDB%20Compass&ssl=false
      

      it shows "AcquireCredentialsHandle: The token supplied to the function is invalid"

      When then switching to "Fill in connection fields" and connect from there the

      screen switches to normal view with error message "An error occurred while loading navigation: InitializeSecurityContext: The token supplied to the function is invalid" on top.

      However, MongoSH Beta at the botton is in fact connected.

       

      View -> reload data

      has not effect

       

      Issuing a valid command in MongoSH and after that retrying

      View -> reload data

      populated the upper part of the screen and the app works as expected from then on. 

      Expected Results

      login via url or parameters should behave the same

      login with valid Kerberos credentials should work

      Actual Results

      login via url or parameters behaves different

      login with valid Kerberos credentials does only work on embedded shell

      Additional Notes

      I verified the correct Kerberos setup on server side with a mongosh connection from a Linux machine using GSSAPI. Also server log indicates that GSSAPI handshake with compass did complete.

       

       

        1. image-2020-11-11-11-47-33-584.png
          78 kB
          Nils Dehn
        2. image-2020-11-11-11-48-37-293.png
          45 kB
          Nils Dehn
        3. image-2020-11-11-11-50-32-520.png
          53 kB
          Nils Dehn
        4. image-2020-11-11-11-51-40-723.png
          68 kB
          Nils Dehn

            Assignee:
            Unassigned Unassigned
            Reporter:
            mail@nils-dehn.de Nils Dehn
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: