Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

SPNego on multiple domains

Hi All

We're on NW Portal 7.0 SP23.

We have Kerberos authentication setup where:

Prod-Portal is connected to Prod-LDAP, SSO works fine on Primary-DOMAIN and

QA-Portal is connected to QA-LDAP and SSO works fine on Secondary-DOMAIN.

When a user existing in Prod-LDAP logs in to Primary-DOMAIN and access Prod-Portal, SSO works fine.

Similarly, when a user existing in QA-LDAP logs into Secondary-DOMAIN and accesses QA-Portal, SSO works fine.

If we want to enable SSO for QA-Portal on the Primary-DOMAIN, (in addition to other configuration) do we need to change our UME to point to Primary-LDAP and/instead of Secondary-LDAP, considering that the user names in Primary-LDAP and Secondary-LDAP are the same? (Secondary-LDAP is a subset of Primary-LDAP)

I think we do, but want to find out if there is any other way.



Former Member
Not what you were looking for? View more on this topic or Ask a question