- SAP Community
- Groups
- Interest Groups
- Application Development
- Discussions
- SPNEGO doesn't work when basicauthentication set i...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
SPNEGO doesn't work when basicauthentication set in authschemes.xml
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2009 2:11 PM
Hi,
We found that the SPNEGO authentication works fine for portal when using form based authentication, but SPNEGO doesn't work when authschemes.xml changed to use HTTP basic authentication e.g. the browser popup screen is shown instead of authenticating using SPENGO.
The authschemes.xml changed to use basicauthentication instead of uidpwdlogon as follow:
<authscheme-refs>
<authscheme-ref name="default">
<authscheme>basicauthentication</authscheme>
</authscheme-ref>
<authscheme-ref name="UserAdminScheme">
<authscheme>uidpwdlogon</authscheme>
</authscheme-ref>
</authscheme-refs>
When I checked the HTTP trace, the response contains header "WWW-Authenticate=Basic" and not "WWW-Authenticate=Negotiate". Though "WWW-Authenticate=Negotiate" is set by the SPNEGO loginmodule, looks like the SAP logon application is resetting the WWW-Authenticate header back to "Basic" as basic authentication is used instead of form based authentication.
Any ideas on making SPNEGO work with HTTP basic authentication would greatly appreciated.
Thanks,
Srini
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2009 8:49 PM
Apples and pears are simply not the same ...
As you have posted correctly, the server sends out different header fields ("WWW-Authenticate=Negotiate" vs. "WWW-Authenticate=Basic") expecting the http client to react accordingly. Sorry, but if Basic Authentication is demanded by the server you cannot simply answer with SPNEGO (and vice versa).
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2009 8:59 PM
Woflgang,
Is it possible to configure the portal authschemes so that when logging onto the portal you can decide to use basic auth, or spnego auth, perhaps by using a different portal login url ?
Thanks,
Tim
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2009 9:04 PM
I think redirects are a problem here.
Perhaps you noticed in the past days that it was difficult to logon to SDN...
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2009 11:12 PM
Julius,
I am not clear what you mean - are you suggesting that this can be solved using redirects ?
Thanks,
Tim
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-15-2009 6:10 AM
Hi Tim,
Sorry, my mistake then - I thought you were suggesting redirects.
Cheers,
Julius
- SAP Managed Tags:
- Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-15-2009 10:14 AM
Thanks. I think it makes sense that the authentication set at server level overrides the authentication at loginmodules.
- SAP Managed Tags:
- Security
