cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

No header Cookie found using SSO22KERBMAP SSO to call MOSS web service

Go to solution
Former Member

on ‎07-23-2009 6:38 PM

0 Kudos

Hi,

I have read all related information from Andre Fischer and others in SDN. We have the SSO22KERBMAP module installed in a Sharepoint 2007 server and did some testing. I am using the SOAPUI testing tool to call the Copy-GetItem web service in Sharepoint and manually added a portal logon ticket to the HTTP header. Below is the log of the testing from the SSO22KERBMAP_<yymmdd> log file. I could see the ticket in the log but still the error says "No header Cookie found".

I have followed the troubleshooting instruction from the document included in the installation kit but still have no clue what may be the problem. Please help.

09:37:17 1668/5404 I SSO22KerbMap.dll 1.1.0.8 is initialized
                SSO22KerbMap configuration in C:\Program Files\SAP\SSO22KerbMap.ini:
                  PseFile: C:\progra~1\SAP\verify.pse
                  ServicePrincipalName: HOST/ice-zs305.rfp.icepoc.com
                  FilterPriority: High
                  SSO2AccountAttribute: sAMAccountName
                  LogLevel: 3
                  Activated SSO logfile: C:\Program Files\SAP\SSO22KerbMap_SSO.log

09:37:18 1668/5404 I ADSI Configuration for delegation on host ICE-ZS305:
                ServicePrincipalNames:
                  HOST/ICE-ZS305
                  HOST/ICE-ZS305.rfp.icepoc.com
                Delegation allowed to following SPNs:
                  HOST/ICE-ZS305.rfp.icepoc.com
                  HOST/ICE-ZS305
                Delegation Flag:Use any authentication protocol: ACTIVE

09:37:19 1668/5404 I IIS SSO22KerbMap Module configured on following Web Sites:

.....reached length limit....more log in next reply

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-23-2009 6:40 PM
0 Kudos 
09:37:19 1668/5404 I WebSite GBIP-POC (IIS://LOCALHOST/W3SVC/1731927041)
                  Authentication(WebSite):  Integrated Windows Authentication
                  Application Pool DefaultAppPool (IIS://localhost/w3svc/AppPools/DefaultAppPool)
                  Identity (Application Pool): Local System
                  SubFolders (GBIP-POC)
                    Filters
                       SAPSSO
                    Root (Authentication:  Integrated Windows Authentication)
                       _controltemplates (Authentication:  Integrated Windows Authentication)
                       _layouts (Authentication:  Integrated Windows Authentication)
                          images (Authentication:  Integrated Windows Authentication  Anonymous)
                          inc (Authentication:  Integrated Windows Authentication  Anonymous)
                       vtibin (Authentication:  Integrated Windows Authentication)
                       _wpresources (Authentication:  Integrated Windows Authentication)
                       aspnet_client (Authentication:  Integrated Windows Authentication)
09:37:19 1668/5404 I IMPORTANT: Check that the Virtual directory of your target application is running
                           on 'Integrated Windows Authentication'!
...................................
10:33:04 1668/5404 i OnPreprocHeaders: POST /_vti_bin/copy.asmx HTTP/1.1
                     CONTENT_LENGTH:362
                     CONTENT_TYPE:text/xml;charset=UTF-8
                     HOST:gbip-poc.rfp.icepoc.com
                     USER_AGENT:Jakarta Commons-HttpClient/3.1
                     SOAPACTION:"http://schemas.microsoft.com/sharepoint/soap/GetItem"
                     MYSAPSSO2:AjExMDAgAA5wb3J0YWw6QzAwNDA0OYgAE2Jhc2ljYXV0aGVudGljYXRpb24BAAdDM.......
10:33:04 1668/5404 i getAccountFromCookie: No header Cookie found
10:33:04 1668/5404 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
Show replies
Show replies
Andre_Fischer
Product and Topic Expert
Product and Topic Expert
‎07-30-2009 9:28 AM
0 Kudos

Hi Che,

the cookie is not recognized since it seems that the domain of the portal that issues the ticket is not the same as the domain the sharepoint server belongs to.

SAP Logon Tickets are not sent beyond domain boundaries since they are session cookies.

In the logfile I see the following entry

HOST:gbip-poc.rfp.icepoc.com

REFERER:http://myworkplace-z.d52.lilly.com

You can test this from a browser by maintaining your local hosts file.

There you should add a hostname like

myworkplace-z.rfp.icepoc.com

and add the ip-adress of myworkplace-z.d52.lilly.com

By this trick both servernames are treated such that the DNS domain is the same.

Best regards,

André

Former Member
‎07-31-2009 3:41 PM
0 Kudos

Thanks Andre. It is indeed caused by the corss-domain issue. The logon ID can be retrieved from the SAP logon ticket using the HOSTS file trick.

But unfortunately this SSO22KERBMAP module is not good for us as we have Active Directory Forests. Will need to find other solution.

Answers (0)

Ask a Question