09-11-2009 6:20 PM
I'm trying to make an connection between SAP and a Web Service with SM59 ( = HTTP Connection to External Server). But I always receive this error message:
'You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept. '
The web service is created on Sharepoint. But Sharepoint does not allowed an Basic Authentication ( SM59- Logon & Security), only NTLM and Kerberos.
I there anybody who can help me?
Thanks!
09-12-2009 3:37 AM
Hi,
I doubt that SAP supports NTLM authentication. I would try to use proxy as a workaround. I would run proxy which would accept connections only from SAP application servers and forward those connections to Sharepoint. The proxy would perform NTLM authentication. I found [this|http://ntlmaps.sourceforge.net] written in python. There is even [version for Windows|http://tredosoft.com/ntlm_proxy_server]. I know it's not an enterprise solution but it should help.
Cheers
09-12-2009 3:37 AM
Hi,
I doubt that SAP supports NTLM authentication. I would try to use proxy as a workaround. I would run proxy which would accept connections only from SAP application servers and forward those connections to Sharepoint. The proxy would perform NTLM authentication. I found [this|http://ntlmaps.sourceforge.net] written in python. There is even [version for Windows|http://tredosoft.com/ntlm_proxy_server]. I know it's not an enterprise solution but it should help.
Cheers
09-17-2009 11:54 AM
Hi Martin,
Thank you very much for your response. It could be a solution for my problem, but unfortunately it is nicht very secure.
Cheers
09-17-2009 12:10 PM
Why not? Just curious. Or what do you mean by "very secure".
Thanks,
Martin
09-18-2009 12:18 PM
Hi!
Unfortunately I can not tell much more. My colleague told me, that it is okay but not very secure, because the login info (username und password) is not really protected.
Thanks.
09-18-2009 4:44 PM
As posted previously: there are alternatives to using password-based authentication.
Notice: it's preferrable to use solutions based on standards for communication between components of different vendors. Web Service Security offers more than just "username tokens".
Regards, Wolfgang
09-21-2009 8:40 PM
Hi
I'm sorry, I haven't seen yours links. They are very, very interesting.
Regards,
Chiara
07-05-2011 10:59 AM
Hi Chiara,
Do you have any solution? Do you mind to share that? We are also trying to extract data from Sharepoint via web service into SAP BI, but with no avail.
Kindly advise.
Thank you.
09-12-2009 7:45 PM
Hi,
Sharepoint supports Integrated Windows Authentication, which uses Kerberos by default, but if it is not possible to use Kerberos it will use NTLM and accept an NTLM token. I think you will find it is easier to find a solution using Kerberos, since this is more easily available on non-Windows operating systems (I assume your SAP system is on UNIX/Linux).
Thanks,
Tim
09-13-2009 1:19 PM
Sorry, but an NWAS ABAP does not support Kerbeors authentication, so far.
Thus, you cannot use Kerberos / "Windows Integrated Authentication" / SPNEGO when using the NWAS ABAP in the role of an Web Service consumer, as described in your posting.
What you need is an STS (Security Token Service) which is capable of converting one token (supported / provided by the NWAS ABAP) into another token (supported / accepted by the Sharepoint server). This is the way the standard is handling such situations (where WS consumer and WS provider do not support a common set of tokens).
[Microsoft 'Geneva'|http://blogs.msdn.com/card/archive/2008/11/04/microsoft-geneva-framework.aspx] might be of interest for you.
See also: [Wiki topic 'Single Sign on for Web Services'|http://wiki.sdn.sap.com/wiki/display/Security/SingleSignonforWeb+Services]
Edited by: Wolfgang Janzen on Sep 17, 2009 1:33 PM