02-19-2009 12:30 PM
Hi all,
I have an HCM (ERP 6 / SP14) doublestack system with ABAP/Java and a portal in which users use ESS/MSS.
I also have a standalone portal which consumes the afformer mentionend scenarios and which the clients use to logon to.
The front-end portal uses Active Directory as it's user data source while the HR-portal (backend) of course uses the ABAP stack. User-IDs are the same in all systemes (e.g 2031218 would be my id in AD and HR)
SSO between front-end portal and HR backend-system (ABAP/Java and portal) is working flawlessly for over 3 month and people use this solution on daily business.
We now decided to implement SSO with windows integrated authentication in the front-end portal and that also worked.
BUT! Now that we have SSO with windows integrated authentication in the front-end configured, the SSO to the backend portal does not work anymore.
My users don't receivce any backend roles via RRA anymore and in the HR system I can find the following error during login:
The authscheme found in the ticket does not exists. Authscheme = spnego
Why is it trying to do spnego in the backend??? I did not change anything in the SSO configuration between front-end and backend portal.
Was I supposed to change something in this part of my setup? Or did I do something wrong with the spnego configuration in my front-end portal?
<removed_by_moderator>
Kind regards,
Christian
Edited by: Julius Bussche on Feb 19, 2009 1:39 PM
02-19-2009 2:09 PM
05-18-2009 10:23 AM
Sorry to be so late providing the conclusion.
It is simply the case, that the SAP logon ticket was created with the policy configuration spnego. Now, this policy configuration obviously did not exist in my backend system as we did not deploy SSO using spnego there. Now, the frontend creates a logon ticket with the policy spnego and the backend portal does not know this policy and rejected the logon tickets issued to our users.
Solution: create a policy named spnego in the backend and make it use ticket as a template. Thats it! No further ajustments needed.
Greetings to all,
Christian