SPNego on multiple domains

MG3
Contributor
0 Kudos

Hi All

We're on NW Portal 7.0 SP23.

We have Kerberos authentication set up where:

Prod-Portal is connected to Prod-LDAP, SSO works fine on Primary-DOMAIN and

QA-Portal is connected to QA-LDAP and SSO works fine on Secondary-DOMAIN.

When a user existing in Prod-LDAP logs in to Primary-DOMAIN and accesses Prod-Portal, SSO works fine.

Similarly, when a user existing in QA-LDAP logs into Secondary-DOMAIN and accesses QA-Portal, SSO works fine.

If we want to enable SSO for QA-Portal on the Primary-DOMAIN, (in addition to other configuration) do we need to change our UME to point to Primary-LDAP and/instead of Secondary-LDAP, considering that the user names in Primary-LDAP and Secondary-LDAP are the same? (Secondary-LDAP is a subset of Primary-LDAP)

I think we do, but want to find out if there is any other way.

Thanks

Manoj

4 REPLIES 4

Former Member
0 Kudos

Hello Manoj,

I just came to your entry. We are in the same situation of enabling two domains into one portal.

Also, we do have the same users in both LDAPs.

Did you solve your configuration?

How did you proceed?

Kind regards

Darijo

0 Kudos

Hi Darijo

Sorry, the requirement then was low priority and I didn't get a chance to try it out. I do hope you find a solution, and when you do, I hope you share.

Thanks

Manoj

0 Kudos

This message was moderated.

0 Kudos

Hi Darijo,

The SPNego module of SAP NetWeaver Java server in general supports multiple domains. I just checked in a test system, but I cannot tell you right now in which SP this was implemented.

So for the use case above: You can create a keytab entry for an additional domain entry at the SPNego module. But this works only if the user names in the Q and P systems are the same. Otherwise you will have a user mapping issue.

Configuration SPNego module:

Mapping mode -> Principal only

Source -> Logon ID

Best Regards

Matthias