Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

SPNego on multiple domains

Hi All

We're on NW Portal 7.0 SP23.

We have Kerberos authentication setup where:

Prod-Portal is connected to Prod-LDAP, SSO works fine on Primary-DOMAIN and

QA-Portal is connected to QA-LDAP and SSO works fine on Secondary-DOMAIN.

When a user existing in Prod-LDAP logs in to Primary-DOMAIN and access Prod-Portal, SSO works fine.

Similarly, when a user existing in QA-LDAP logs into Secondary-DOMAIN and accesses QA-Portal, SSO works fine.

If we want to enable SSO for QA-Portal on the Primary-DOMAIN, (in addition to other configuration) do we need to change our UME to point to Primary-LDAP and/instead of Secondary-LDAP, considering that the user names in Primary-LDAP and Secondary-LDAP are the same? (Secondary-LDAP is a subset of Primary-LDAP)

I think we do, but want to find out if there is any other way.

Thanks

Manoj

Former Member
Not what you were looking for? View more on this topic or Ask a question