on 10-09-2008 7:46 AM
Hi
I've tried to implement single sign-on with a Microsoft Active Directory. I followed several documents on sdn.sap.com but unfortunately it doesn't work yet.
I've done the following steps:
- created a user in the active directory j2ee-<SID>
- ran the "setspn ..." cmd on the kerberos machine (domain controller)
- ran the spnego wizard from the NW Administrator (http://portal:50000/nwa -> configuration management -> security -> spnego configuration)
- added the login module "SPNegoLoginModule" to the "ticket-policy configuration"
- modified the existing policy configuration "com.sun.security.jgss.accept" and added the SPNegoMappingLoginModule
- I am able to login with the domain user/password on the portal frontend
- internet explorer is configured to use integrated authentication and the portal website is in the intranet zone
When I open the portal site with Internet Explorer the site opens but I see the login screen. Therefore it doesn't automatically log in. Which step did I miss?
Thanks for your answers,
Thierry
Hi Thierry,
can you please let me know how you resolved it?
Regards
Thierry,
I think this issue has been resolved earlier by installing the right JDK version.
Which JDK version do you have?
See the solution for the SPNEGO bug fix:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6572805
For any JDK version, simply add:
isInitiator = false in your Visual Admin
-->Security Provider -->com.sun.security.gss.accept -->Krb5LoginModule
Parameter isInitiator and Value false. Save it and restart J2EE.
Regards,
Karthick Eswaran
Edited by: Karthick Eswaran on Oct 9, 2008 6:39 AM
Hi Karthick
Thanks for your answer. I have added the property to the Krb5LoginModule and restarted the server, but unfortunately it still doesn't work. I always get the login screen instead of Internet Explorer doing the login automatically.
Any other ideas? Is there somewhere a logfile where I can see if the Internet Explorer tries to login?
Thanks Thierry
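On the question of how to see whether Internet Explorer attempts the login at all: the browser's reply to the `WWW-Authenticate: Negotiate` challenge is an `Authorization` request header, and its token shows whether a Kerberos ticket or an NTLM fallback was sent. The sketch below is an added example, not part of the original thread or of SAP's tooling; the function names and result labels are hypothetical, the header value is assumed to have been copied from an HTTP trace, and the mechanism check is a heuristic on the token's leading bytes rather than a full ASN.1 parse.

```python
import base64

# DER-encoded GSS-API mechanism OIDs (tag 0x06, length, value).
SPNEGO_OID = bytes.fromhex("06062b0601050502")           # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")       # 1.2.840.113554.1.2.2
MS_KRB5_OID = bytes.fromhex("06092a864882f712010202")    # 1.2.840.48018.1.2.2
NTLMSSP_OID = bytes.fromhex("060a2b06010401823702020a")  # 1.3.6.1.4.1.311.2.2.10
NTLM_MAGIC = b"NTLMSSP\x00"


def classify_authorization(header_value):
    """Classify the value of an HTTP Authorization request header."""
    if not header_value:
        return "no-credentials"    # browser never answered the 401 challenge
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.lower() == "ntlm":
        return "ntlm"
    if scheme.lower() != "negotiate":
        return "other-scheme"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:             # binascii.Error is a ValueError subclass
        return "malformed"
    if token.startswith(NTLM_MAGIC):
        return "ntlm"              # raw NTLM inside Negotiate: no Kerberos ticket
    if not token.startswith(b"\x60"):
        return "malformed"         # not a GSS-API initial context token
    head = token[:256]             # the mechanism OIDs sit at the start of the token
    if KRB5_OID in head or MS_KRB5_OID in head:
        return "kerberos"
    if NTLMSSP_OID in head:
        return "ntlm"
    return "unknown-mechanism"


def negotiate_header(raw):
    """Build a header value from raw token bytes (used for the samples only)."""
    return "Negotiate " + base64.b64encode(raw).decode("ascii")


# Constructed token prefixes (not real tickets) for the cases worth telling apart.
SAMPLES = {
    "kerberos": negotiate_header(
        b"\x60\x1b" + SPNEGO_OID + b"\xa0\x11\x30\x0f\xa0\x0d\x30\x0b" + KRB5_OID),
    "ntlm": negotiate_header(NTLM_MAGIC + b"\x01\x00\x00\x00"),
    "no-credentials": "",
}

if __name__ == "__main__":
    for expected, value in SAMPLES.items():
        print(expected, "->", classify_authorization(value))
```

A result of `no-credentials` points at the browser side (zone or integrated-authentication settings), `ntlm` means the client did not send a Kerberos service ticket, and `kerberos` means the ticket arrived and the remaining checks are on the server.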
Hey!
After rebooting the server and adjusting the clock, I am now able to log in over SSO! Thanks! But unfortunately when an SSO-logged-in user tries to do something on the portal (e.g. displaying the universal worklist), one gets an error "Content pass of Application Integrator failed".
Stacktrace:
#1.5 #000C297D0285001F000000020000036C0107E2FE224E5954#1223555581562#/System/Server#sap.com/com.sap.portal.appintegrator.sap#com.sap.portal.sapapplication#rit#231####6004019095fe11ddad5d000c297d0285#HTTP Worker [1]##0#0#Error#1#/System/Server#Plain###Content pass of Application Integrator failed.
Component Name: 'com.sap.portal.appintegrator.sap.WebDynpro',
Context Name (iView): 'pcd:portal_content/every_user/general/uwl/com.sap.netweaver.bc.uwl.uwlSapWebDynproLaunch',
Top Layer: 'WebDynpro/TopLayer',
Producer ID (FPN): 'null',
System Alias: 'SAP_LocalSystem',
#
Is anyone facing the same problem?
Thanks Thierry
Edit:
It is working when one logs in with the same Active Directory user but manually... strange behaviour
Thierry,
This clearly shows that you are not able to log in to 'SAP_LocalSystem' - backend, because in the property of the SAP_LocalSystem for mapping type you might have given userid/password.
You have to configure SSO to the backend system.
Configuring a Portal Server for SSO with Logon Tickets: http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8e7af2f11d5993700508b6b8b11/frameset.htm