Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Cross-domain authentication using SPNEGO

Hi Experts,

Consider this scenario.

Case 1:

There are 2 domains (forests), Domain A and Domain B.

SAP users are located in Domain A, while AS-JAVA server is located in Domain B.

There is a One Way Forest Trust (OWFT) between Domain A and Domain B, in which Domain A is the trusted domain, while Domain B is the trusting domain.

AS-JAVA is using Active Directory (Domain B) as the UME data source.

We run ‘setspn’ in Domain B for the AS-JAVA resource.

We create the Kerberos Realm in AS-JAVA for Domain B.

Would this SSO configuration work?

On this scenario, what would be the KPN (principal@REALM) of the user? Is it principal@DomainA or principal@DomainB?

Another side question I have:

when configuring SPNEGO authentication, is there a step where we need to connect from AS-JAVA to the LDAP (AD) server?

Can this connection be secured using LDAPS on port 636/tcp?

Thanks in advance.

Best Regards.

Former Member

Helpful Answer

Not what you were looking for? View more on this topic or Ask a question