cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SSO22KerbMap module: User without domain extracted from cookie MYSAPSSO2

Go to solution
Former Member

on ‎10-31-2006 7:06 AM

0 Kudos

I have created a Repository Manager (Portal-KM 640/SP16 on HP-UX) for a WebDav on a IIS Windows Server having SSO22KerbMap ISAPI Module installed.

The user is not identified Windows side by SSO22KerbMap module because the domain is missing.

In the SSO22KerbMap log I find:

"Determined account myuser from cookie MYSAPSSO2"

but I should have for the user to be regognized by Windows:

"Determined account myuser@mydomain from cookie MYSAPSSO2"

What should I do, to have the domain with user name?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

claudia_baur
Employee
Employee
‎12-06-2006 9:37 AM
0 Kudos

hi,

you should change the configuration to use userPrincipalName instead of samAccountName. In this case you have to change the portal config and the SSO22KerbMap config.

Regards,

Claudia

Show replies
Show replies
Former Member
‎12-14-2006 7:11 AM
0 Kudos

Hi Claudia,

Even i have the same problem i guess...becoz...from ticket only username is fetched but not along with domain name.

I have raised the same in Portal implementation thread.

<a href="https://www.sdn.sap.comhttp://www.sdn.sap.comhttp://www.sdn.sap.com/irj/sdn/profile?userid=368270">owa SSO Problem</a>

Can u please provide me the solution to that thread , so that i can even assign the points.

wat configuration i shud do in Portal and SSO22KerbMap ???

Regards,

Ricky

Former Member
‎12-14-2006 7:35 AM
0 Kudos

SSO22KerbMap Module is working OK. I configured it this way:

userPrincipalName = samAccountName

In this case, the SAP Portal “User ID” must match the Windows Active Directory “User Logon Name”.

claudia_baur
Employee
Employee
‎12-14-2006 9:47 AM
0 Kudos

hi Philippe,

you must not match the userprincipalname and the samaccountname, the samaccountname always contains only the username and the userprincipalname contains the domain specification additionally.

So, the solution would be to change the attribute in the SSO22KerbMap.ini file as follows:

SSO2AccountAttribute = sAMAccountName

Regards,

Claudia

Answers (0)

Ask a Question