Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Stucked with secWinAD SSO (Vintela) on BOE XI 3.1 SP3

Hallo SDN,

i have made my way though the Configurationguide from Tim. Everything was working fine.

Users are synced to BO OK

Login with Clienttools OK

Kinit with bossosvcacct OK

Commit succeeded in stdout OK

manual login to CMC / InfoView with AD user OK

"credentials obtained" OK


at this point dcom.wedgetail.idm.sso.password is set in tomcats java parameters



SSO to Infoview doesnt work at all. KB 1379894 is used to setup IE on client/server.

Infoview still opens with username and password to be entered.

With Netmon on the client i get:


KerberosV5_TGS Request Realm: DOM.DOM.NET Sname: HTTP/


KerberosV5_TGS Request Realm: DOM.DOM.NET Sname: HTTP/

are both set with

setspn -a HTTP/Hostname(FQDN);IP bossosvcacct

on DC.

Is there anything i can check to get SSO working from a client?

DC is Win2k3x64 std en. Testclient is another server in same domain.



Former Member

Are you getting this error on the server or client? S_PRINCIPAL_UNKNOWN

It means that there are either duplicated or missing SPN's either the CMS SPN (set in the AD plugin service prinicpal name) or the HTTP SPN(s)

We have KB's as does microsoft on searching and removing duplicate SPN's



0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question