Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO from Portal to ABAP Backend stopped working after setup of spnego

christian_gnther3
Participant

‎02-19-2009 12:30 PM

0 Kudos

Hi all,

I have an HCM (ERP 6 / SP14) doublestack system with ABAP/Java and a portal in which users use ESS/MSS.

I also have a standalone portal which consumes the afformer mentionend scenarios and which the clients use to logon to.

The front-end portal uses Active Directory as it's user data source while the HR-portal (backend) of course uses the ABAP stack. User-IDs are the same in all systemes (e.g 2031218 would be my id in AD and HR)

SSO between front-end portal and HR backend-system (ABAP/Java and portal) is working flawlessly for over 3 month and people use this solution on daily business.

We now decided to implement SSO with windows integrated authentication in the front-end portal and that also worked.

BUT! Now that we have SSO with windows integrated authentication in the front-end configured, the SSO to the backend portal does not work anymore.

My users don't receivce any backend roles via RRA anymore and in the HR system I can find the following error during login:


The authscheme found in the ticket does not exists. Authscheme = spnego

Why is it trying to do spnego in the backend??? I did not change anything in the SSO configuration between front-end and backend portal.

Was I supposed to change something in this part of my setup? Or did I do something wrong with the spnego configuration in my front-end portal?

<removed_by_moderator>

Kind regards,

Christian

Edited by: Julius Bussche on Feb 19, 2009 1:39 PM

2 REPLIES 2

Former Member

‎02-19-2009 2:09 PM

0 Kudos

This looks like a support problem.

christian_gnther3
Participant
In response to Former Member

‎05-18-2009 10:23 AM

0 Kudos

Sorry to be so late providing the conclusion.

It is simply the case, that the SAP logon ticket was created with the policy configuration spnego. Now, this policy configuration obviously did not exist in my backend system as we did not deploy SSO using spnego there. Now, the frontend creates a logon ticket with the policy spnego and the backend portal does not know this policy and rejected the logon tickets issued to our users.

Solution: create a policy named spnego in the backend and make it use ticket as a template. Thats it! No further ajustments needed.

Greetings to all,

Christian