on 07-23-2009 6:38 PM
Hi,
I have read all related information from Andre Fischer and others in SDN. We have the SSO22KERBMAP module installed in a Sharepoint 2007 server and did some testing. I am using the SOAPUI testing tool to call the Copy-GetItem web service in Sharepoint and manually added a portal logon ticket to the HTTP header. Below is the log of the testing from the SSO22KERBMAP_<yymmdd> log file. I could see the ticket in the log but still the error says "No header Cookie found".
I have followed the troubleshooting instruction from the document included in the installation kit but still have no clue what may be the problem. Please help.
09:37:17 1668/5404 I SSO22KerbMap.dll 1.1.0.8 is initialized
SSO22KerbMap configuration in C:\Program Files\SAP\SSO22KerbMap.ini:
PseFile: C:\progra~1\SAP\verify.pse
ServicePrincipalName: HOST/ice-zs305.rfp.icepoc.com
FilterPriority: High
SSO2AccountAttribute: sAMAccountName
LogLevel: 3
Activated SSO logfile: C:\Program Files\SAP\SSO22KerbMap_SSO.log
09:37:18 1668/5404 I ADSI Configuration for delegation on host ICE-ZS305:
ServicePrincipalNames:
HOST/ICE-ZS305
HOST/ICE-ZS305.rfp.icepoc.com
Delegation allowed to following SPNs:
HOST/ICE-ZS305.rfp.icepoc.com
HOST/ICE-ZS305
Delegation Flag:Use any authentication protocol: ACTIVE
09:37:19 1668/5404 I IIS SSO22KerbMap Module configured on following Web Sites:
.....reached length limit....more log in next reply
09:37:19 1668/5404 I WebSite GBIP-POC (IIS://LOCALHOST/W3SVC/1731927041)
Authentication(WebSite): Integrated Windows Authentication
Application Pool DefaultAppPool (IIS://localhost/w3svc/AppPools/DefaultAppPool)
Identity (Application Pool): Local System
SubFolders (GBIP-POC)
Filters
SAPSSO
Root (Authentication: Integrated Windows Authentication)
_controltemplates (Authentication: Integrated Windows Authentication)
_layouts (Authentication: Integrated Windows Authentication)
images (Authentication: Integrated Windows Authentication Anonymous)
inc (Authentication: Integrated Windows Authentication Anonymous)
vtibin (Authentication: Integrated Windows Authentication)
_wpresources (Authentication: Integrated Windows Authentication)
aspnet_client (Authentication: Integrated Windows Authentication)
09:37:19 1668/5404 I IMPORTANT: Check that the Virtual directory of your target application is running
on 'Integrated Windows Authentication'!
...................................
10:33:04 1668/5404 i OnPreprocHeaders: POST /_vti_bin/copy.asmx HTTP/1.1
CONTENT_LENGTH:362
CONTENT_TYPE:text/xml;charset=UTF-8
HOST:gbip-poc.rfp.icepoc.com
USER_AGENT:Jakarta Commons-HttpClient/3.1
SOAPACTION:"http://schemas.microsoft.com/sharepoint/soap/GetItem"
MYSAPSSO2:AjExMDAgAA5wb3J0YWw6QzAwNDA0OYgAE2Jhc2ljYXV0aGVudGljYXRpb24BAAdDM.......
10:33:04 1668/5404 i getAccountFromCookie: No header Cookie found
10:33:04 1668/5404 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Che,
the cookie is not recognized since it seems that the domain of the portal that issues the ticket is not the same as the domain the sharepoint server belongs to.
SAP Logon Tickets are not sent beyond domain boundaries since they are session cookies.
In the logfile I see the following entry
HOST:gbip-poc.rfp.icepoc.com
REFERER:http://myworkplace-z.d52.lilly.com
You can test this from a browser by maintaining your local hosts file.
There you should add a hostname like
myworkplace-z.rfp.icepoc.com
and add the ip-adress of myworkplace-z.d52.lilly.com
By this trick both servernames are treated such that the DNS domain is the same.
Best regards,
André
User | Count |
---|---|
87 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.