The specified principle is not known in the authentication system

问题

I have a C# client based on SSPI and Java server based on GSSAPI. The flow communication flow is as below.

1. Client creates TGT
2. Client passes TGT to server
3. Server uses the TGT and generates server token
4. Server passes the server token to client
5. Client uses that server token and generates the SGT

My communication flow breaks from the 6th step.

SSPI client failed to validate the server token with the error "Failed to invoke InitializeSecurityContext for a client. The specified principle is not known in the authentication system."

Seems like the SPN use in Java side can not be recognized by the C# SSPI. According to this link there is a windows compatible SPN name format. My spn which is used in Java side is as below.

HTTP/myserver-domain.com@test.local where test.local is the realm name. Any suggestion would be a great help.

Thanks

来源：https://stackoverflow.com/questions/37958942/the-specified-principle-is-not-known-in-the-authentication-system