
CRM2007, Windows Integrated Authorization, WebGUI, & SSO

Former Member
0 Kudos

We are currently using WIA to access our SAP systems. I have been able to set up the GUI using SNC/NTLM and the Java interface using SPNego... HOWEVER, it seems that the integrated WebGUI (ITS, crm_ui_frame) does not log in automatically. Logging into Java does work correctly (SPNego) and logging in via the logon pad does log on successfully (SNC/NTLM).

Has anyone else had this issue and found a resolution?

Edited by: Eric Green on Sep 29, 2008 9:48 AM

Accepted Solutions (0)

Answers (3)

Former Member
0 Kudos

Hi Eric,

I have a requirement to do SPNego integration with CRM2007, which has been installed on a Unix server. Can you please provide me the steps to do this integration?

It will be great if you can provide me step by step.

- Amy

Former Member
0 Kudos

OK guys... there is a "STANDARD" way to do this utilizing the SAPLOGONTICKETS. Unlike what has been said before, there does NOT need to be some non-standard module developed to redirect the app from the Java stack to the ABAP stack. The issue we ran into is that the WebGUI (integrated ITS) does not support any form of authentication with your Windows domain unless x.509 tickets are used. This prevents the WebGUI from utilizing your Windows domain login for SSO into the ABAP stack's web interface.

1) We set up a trust between the Java and ABAP and between ABAP and Java.

2) Next we set up SPNego on the Java stack to utilize IWA. The SPNego establishes SSO between the Windows machine and Java.

The next trick we had was how to get the Java stack to "redirect" to the URL for the WebGUI. As has been explained here before, you could develop a custom Java app to do your redirect, then call that Java app from your web browser. We did not like having any "customization" to our system. When installing the CRM system, we chose to install the CRM 2007 Business Packages, which forced us to install the EP_Core and EP usage types. To resolve this we...

3) Went into the local portal on the CRM box and created a new URL IView. In the URL IView we put the URL of the CRM WebGUI (.../crm_ui_frame).

4) Called the IView from the web browser. This allowed the SAP Java framework to be accessed, forcing the user to be authorized via SPNego, then redirecting the request to the WebGUI. Since the authorization of the Java stack is trusted in the ABAP stack, you are given access to the WebGUI interface.

Hope this helps those who, like us, prefer no non-standard authentication options.
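Added example, not part of the original post or SAP's own code: a small Python check that walks a captured header trace of the flow in steps 2 to 4 and reports where the SSO chain breaks. It assumes the logon ticket travels in SAP's `MYSAPSSO2` cookie (a name the thread does not mention); the hosts, `PLACEHOLDER` paths and token bytes are constructed sample values.

```python
import base64

def mech(token_b64):
    """Classify the token sent in 'Authorization: Negotiate <token>'."""
    raw = base64.b64decode(token_b64)
    if raw.startswith(b"NTLMSSP\x00"):
        return "ntlm"  # browser fell back to NTLM; no Kerberos ticket was sent
    return "gssapi" if raw[:1] == b"\x60" else "unknown"

def check_flow(trace):
    """Return the problems found in a header trace of the iView SSO flow."""
    problems, negotiated, ticket_set, ticket_sent = [], False, False, False
    for msg in trace:
        h = {k.lower(): v for k, v in msg["headers"].items()}
        auth = h.get("authorization", "")
        if auth.lower().startswith("negotiate "):
            negotiated = True
            kind = mech(auth.split(None, 1)[1])
            if kind != "gssapi":
                problems.append("Negotiate token is " + kind)
        cookie = h.get("set-cookie", "")
        if cookie.startswith("MYSAPSSO2="):  # assumed logon ticket cookie name
            ticket_set = True
            attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
            problems += ["ticket cookie lacks " + f
                         for f in ("secure", "httponly") if f not in attrs]
        if msg.get("url", "").endswith("/crm_ui_frame"):
            ticket_sent = "MYSAPSSO2=" in h.get("cookie", "")
    for ok, text in ((negotiated, "no SPNego exchange with the Java stack"),
                     (ticket_set, "Java stack issued no logon ticket"),
                     (ticket_sent, "WebGUI request carried no logon ticket")):
        if not ok:
            problems.append(text)
    return problems

def sample_trace(token_bytes, cookie_attrs):
    """Constructed trace; hosts, paths and token bytes are made-up values."""
    tok = base64.b64encode(token_bytes).decode()
    return [
        {"url": "https://portal.example/PLACEHOLDER/iview", "headers": {}},
        {"status": 401, "headers": {"WWW-Authenticate": "Negotiate"}},
        {"url": "https://portal.example/PLACEHOLDER/iview",
         "headers": {"Authorization": "Negotiate " + tok}},
        {"status": 200, "headers": {"Set-Cookie": "MYSAPSSO2=SAMPLE; " + cookie_attrs}},
        {"url": "https://crm.example/PLACEHOLDER/crm_ui_frame",
         "headers": {"Cookie": "MYSAPSSO2=SAMPLE"}},
    ]
GOOD = sample_trace(b"\x60\x82\x05\xcc" + b"\x00" * 8, "path=/; secure; HttpOnly")
NTLM = sample_trace(b"NTLMSSP\x00\x01\x00\x00\x00", "path=/")
```

`check_flow(GOOD)` returns an empty list, while `check_flow(NTLM)` reports the NTLM fallback and the missing cookie flags.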

Former Member
0 Kudos

A wonderful response from SAP. You would think that they would manage to support this, but I guess not!

==================================================================

30.09.2008 - 20:35:17 CET - Reply by SAP

Hello,

yes I confirm that SPnego will not work here. SPnego will only work using the Java stack of a Web Application Server but not for the ABAP stack.

Many thanks,

Christopher Leonard

Senior Support Consultant II

SAP Active Global Support

30.09.2008 - 20:09:04 CET - Info for SAP by Customer

Please verify that SPNego will NOT work (this may well BE a program error) and that the only way I can have SSO into the CRM WebGui in CRM2007 is via x.509 certs or by going thru EP (authentication through the portal and saplogontickets)!

Please verify that this is a program limitation and that my understanding is correct.

Regards,

30.09.2008 - 18:37:02 CET - Reply by SAP

Hello,

there are a number of options here (actually the number is 2... why not just say 2)

- use logon tickets issued by a portal for example to the user's browser that are accepted by the CRM system

- install X.509 certificates e.g. SAP Passport to all CRM users' browsers

You can find further information at http://www.service.sap.com/security -> security in detail.

The circumstances you have described relate to a consulting issue rather than giving evidence of a possible error and/or bug with standard delivered SAP products and/or documentation.

We regret to inform you that this falls outside of the scope of SAP Active Global Support under the SAP maintenance agreement.

You can find further details in SAP note 83020.

Our mission is to help you, our customers, with any error and/or bug of standard delivered software licensed from SAP. Our tasks do not include providing suggestions about system operation, configuration, how-to request, etc.

You might also have a look at "The SAP Eco-System in a Nutshell" at http://service.sap.com/~sapdownload/011 ... 45642006E/ .

Many thanks,

Christopher Leonard

Senior Support Consultant II

SAP Active Global Support