on 09-29-2008 3:47 PM
We are currently using WIA to access our SAP systems. I have been able to set up the GUI using SNC/NTLM and the Java interface using SPNego... HOWEVER, it seems that the integrated WebGUI (ITS, crm_ui_frame) does not log in automatically. Logging into Java does work correctly (SPNego) and logging in via the logon pad does log on successfully (SNC/NTLM).
Has anyone else had this issue and found a resolution?
Edited by: Eric Green on Sep 29, 2008 9:48 AM
Hi Eric,
I have a requirement to do SPNego integration with CRM2007, which has been installed on a Unix server. Can you please provide me the steps to do this integration?
It will be great if you can provide me step by step.
- Amy
OK guys... there is a "STANDARD" way to do this utilizing the SAPLOGONTICKETS. Unlike what has been said before, there does NOT need to be some non-standard module developed to redirect the app from the Java stack to the ABAP stack. The issue we ran into is that the WebGUI (integrated ITS) does not support any form of authentication with your Windows domain unless X.509 tickets are used. This prevents the WebGUI from utilizing your Windows domain login for SSO into the ABAP stack's web interface.
1) We set up a trust between the Java and ABAP and between ABAP and Java.
2) Next we set up SPNego on the Java stack to utilize IWA. The SPNego establishes SSO between the Windows machine and Java.
The next trick we had was how to get the Java stack to "redirect" to the URL for the WebGUI. As has been explained here before, you could develop a custom Java app to do your redirect, then call that Java app from your web browser. We did not like having any "customization" to our system. When installing the CRM system, we chose to install the CRM 2007 Business Packages, which forced us to install the EP_Core and EP usage types. To resolve this we...
3) went into the local portal on the CRM box and created a new URL IView. In the URL IView we put the URL of the CRM WebGUI (.../crm_ui_frame).
4) Called the IView from the web browser. This allowed the SAP Java framework to be accessed, forcing the user to be authorized via SPNego, then redirecting the request to the WebGUI. Since the authorization of the Java stack is trusted in the ABAP stack, you are given access to the WebGUI interface.
Hope this helps those who, like us, prefer no non-standard authentication options.
A wonderful response from SAP. You would think that they would manage to support this, but I guess not!
==================================================================
30.09.2008 - 20:35:17 CET - Reply by SAP
Hello,
yes I confirm that SPnego will not work here. SPnego will
only work using the Java stack of a Web Application Server but not
for the ABAP stack.
Many thanks,
Christopher Leonard
Senior Support Consultant II
SAP Active Global Support
30.09.2008 - 20:09:04 CET - Info for SAP by Customer
Please verify that SPNego will NOT work (this may well BE a program
error) and that the only way I can have SSO into the CRM WebGui in
CRM2007 is via x.509 certs or by going thru EP (authentication through
the portal and saplogontickets)!
Please verify that this is a program limitation and that my
understanding is correct.
Regards,
30.09.2008 - 18:37:02 CET - Reply by SAP
Hello,
there are a number of options here (actually the number is 2... why not just say 2)
- use logon tickets issued by a portal for example to the users
browser that are accepted by the CRM system
- install X.509 certificates eg SAP Passport to all CRM users'
browsers
You can find further information at http://www.service.sap.com/security ->
security in detail .
The circumstances you have described relate to a consulting issue
rather than giving evidence of a possible error and/or bug with
standard delivered SAP products and/or documentation.
We regret to inform you that this falls outside of the scope of
SAP Active Global Support under the SAP maintenance agreement.
You can find further details in SAP note 83020.
Our mission is to help you, our customers, with any error and/or bug of
standard delivered software licensed from SAP. Our tasks do not include
providing suggestions about system operation, configuration, how-to
request, etc.
You might also have a look at "The SAP Eco-System in a Nutshell" at
http://service.sap.com/~sapdownload/011 ... 45642006E/ .
Many thanks,
Christopher Leonard
Senior Support Consultant II
SAP Active Global Support