12-19-2006 10:18 AM
Hi All,
I have SSO with Windows Authentication implemented in our portals.Presently all users authenticate themself in AD domain,because UME store for user is LDAP(MS AD).
Now we are going to change the LDAP and even domain to say(Global).But I have a doubt that once we do this my SSO window Authentication would be lost,because there would be place somewhere Domain information is also stored and we need to change even that to Global?Am i rite?
Please confirm on this and let me know how this can be achieved?
Help will be Appreciated Greatly
Regards
Rani A
12-19-2006 10:30 AM
Hi,
your best bet is to configure the portal for a new domain from scratch - you'll need new KPNs, kerb.conf etc. There's a wizard that can help you out - take a look at SAP note 994791. Also, check the SPNego central SAP Note 968191.
I would again suggest that you take a closer look at the SPNego documentation to make sure you have a grasp of the configuration steps. This will save you troubleshooting effort down the road.
Regards,
Yonko
12-19-2006 10:30 AM
Hi,
your best bet is to configure the portal for a new domain from scratch - you'll need new KPNs, kerb.conf etc. There's a wizard that can help you out - take a look at SAP note 994791. Also, check the SPNego central SAP Note 968191.
I would again suggest that you take a closer look at the SPNego documentation to make sure you have a grasp of the configuration steps. This will save you troubleshooting effort down the road.
Regards,
Yonko
12-19-2006 11:10 AM
Hi Yonko,
Thanks Again.That means SSO contains the information about Domain(AD) and again from scratch I have to implement Windows Authentication.Is there any way to overrite this information with Global without going into deep?
Can SSO windows Authentication be done for multiple domains Simultaneously?IF so how?
Regards
Rani A
12-19-2006 11:26 AM
Hi Rani,
The wizard should guide you through the steps without going too deep. It should replace the old domain configuration with the new one.
If you do go into the deep you can probably resuse some of the config for the old domain, but in the end you'll have to start the config more or less from scratch - the domain has to be updated at several points in the config.
Multi domain is not supported for now. Keep up with the central note and the documentation, though - these will be updated once there's support for it.
Regards,
Yonko
12-19-2006 1:34 PM
Hi Yonko,
Thanks for your time.Things are clear now.Let me implement this and i would
be back again witha new thread if any doubts on this.
Regards
Rani A