
Single Sign On with Microsoft AD

Former Member

Hi

I've tried to implement single sign-on with a Microsoft Active Directory. I followed several documents on sdn.sap.com, but unfortunately it doesn't work yet.

I've done the following steps:

- created a user in the active directory j2ee-<SID>

- ran the "setspn ..." cmd on the kerberos machine (domain controller)

- ran the spnego wizard from the NW Administrator (http://portal:50000/nwa -> configuration management -> security -> spnego configuration)

- added the login module "SPNegoLoginModule" to the "ticket-policy configuration"

- modified the existing policy configuration "com.sun.security.jgss.accept" and added the SPNegoMappingLoginModule

- I am able to login with the domain user/password on the portal frontend

- internet explorer is configured to use integrated authentication and the portal website is in the intranet zone

When I open the portal site with Internet Explorer, the site opens but I see the login screen. Therefore it doesn't log in automatically. Which step did I miss?

Thanks for your answers,

Thierry

Accepted Solutions (0)

Answers (2)

Former Member

Hi Thierry,

Can you please let me know how you resolved it?

Regards

Former Member

Thierry,

I think this issue has been resolved earlier by installing the right JDK version.

Which JDK version do you have?

See the solution for the SPNEGO bug fix:

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6572805

For any JDK version, simply add:

isInitiator = false in your Visual Admin

-->Security Provider -->com.sun.security.gss.accept -->Krb5LoginModule

Parameter isInitiator and Value false. Save it and restart J2EE.

Regards,

Karthick Eswaran

Edited by: Karthick Eswaran on Oct 9, 2008 6:39 AM

Former Member

Hi Karthick

Thanks for your answer. I have added the property to the Krb5LoginModule and restarted the server, but unfortunately it still doesn't work. I always get the login screen instead of Internet Explorer doing the login automatically.

Any other ideas? Is there a logfile somewhere where I can see if Internet Explorer tries to log in?

Thanks Thierry
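
An added example, not part of the original thread: a small Python classifier for the `Authorization` request header, which shows whether the browser attempted integrated login and whether it offered Kerberos or fell back to NTLM. It assumes the header value has already been captured (for example from an HTTP trace); the function names and the sample token builder are hypothetical, and the sample headers are constructed.

```python
import base64

# DER-encoded mechanism OIDs (tag 0x06, length, value).
SPNEGO = bytes.fromhex("06062b0601050502")            # 1.3.6.1.5.5.2
KRB5 = bytes.fromhex("06092a864886f712010202")        # 1.2.840.113554.1.2.2
MS_KRB5 = bytes.fromhex("06092a864882f712010202")     # 1.2.840.48018.1.2.2
NTLMSSP = bytes.fromhex("060a2b06010401823702020a")   # 1.3.6.1.4.1.311.2.2.10

def _after_len(buf, i):
    """Index just past the DER length field starting at buf[i]."""
    return i + 1 if buf[i] < 0x80 else i + 1 + (buf[i] & 0x7F)

def classify(header_value):
    """Classify the value of an HTTP Authorization request header."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "not-integrated"          # e.g. Basic, or a form login
    try:
        tok = base64.b64decode(b64.strip(), validate=True)
    except ValueError:
        return "malformed"
    if tok.startswith(b"NTLMSSP\x00"):
        return "ntlm"                    # raw NTLM: no Kerberos ticket was sent
    if len(tok) < 4 or tok[0] != 0x60:   # GSS-API initial token tag
        return "unknown"
    body = tok[_after_len(tok, 1):]
    if body.startswith(KRB5):
        return "kerberos"
    if not body.startswith(SPNEGO):
        return "unknown"
    # Heuristic: the mechTypes list comes first inside the SPNEGO token, so the
    # earliest known OID found is taken as the client's preferred mechanism.
    mechs = body[len(SPNEGO):]
    hits = [(mechs.find(oid), name) for oid, name in
            ((KRB5, "spnego-kerberos"), (MS_KRB5, "spnego-kerberos"),
             (NTLMSSP, "spnego-ntlm")) if oid in mechs]
    return min(hits)[1] if hits else "unknown"

def _tlv(tag, payload):
    """DER tag-length-value with a short (single byte) length."""
    return bytes([tag, len(payload)]) + payload

def sample_header(mech_oids):
    """Constructed Negotiate header: NegTokenInit carrying only a mechTypes list."""
    init = _tlv(0xA0, _tlv(0x30, _tlv(0xA0, _tlv(0x30, b"".join(mech_oids)))))
    return "Negotiate " + base64.b64encode(_tlv(0x60, SPNEGO + init)).decode()
```

A result of `ntlm` or `spnego-ntlm` means the client did not present a Kerberos ticket for the portal's service principal, so the SPNEGO login module has nothing to validate and the login screen appears.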

Former Member

Hey!

After rebooting the server and adjusting the clock, I am now able to log in over SSO! Thanks! But unfortunately when an SSO-logged-in user tries to do something on the portal (e.g. displaying the universal worklist), one gets an error "Content pass of Application Integrator failed".

Stacktrace:

#1.5 #000C297D0285001F000000020000036C0107E2FE224E5954#1223555581562#/System/Server#sap.com/com.sap.portal.appintegrator.sap#com.sap.portal.sapapplication#rit#231####6004019095fe11ddad5d000c297d0285#HTTP Worker [1]##0#0#Error#1#/System/Server#Plain###Content pass of Application Integrator failed.

Component Name: 'com.sap.portal.appintegrator.sap.WebDynpro',

Context Name (iView): 'pcd:portal_content/every_user/general/uwl/com.sap.netweaver.bc.uwl.uwlSapWebDynproLaunch',

Top Layer: 'WebDynpro/TopLayer',

Producer ID (FPN): 'null',

System Alias: 'SAP_LocalSystem',

#

Has anyone faced the same problem?

Thanks Thierry

Edit:

It is working when one is logging in with the same Active Directory user but manually... strange behaviour

Former Member

Thierry,

This clearly shows that you are not able to log in to 'SAP_LocalSystem' (backend), because in the properties of SAP_LocalSystem you might have given userid/password for the mapping type.

You have to configure SSO to the backend system.

Configuring a Portal Server for SSO with Logon Tickets: http://help.sap.com/saphelp_nw70/helpdata/EN/89/6eb8e7af2f11d5993700508b6b8b11/frameset.htm