on 06-09-2015 5:44 AM
Hi All,
We have configured an SSO setup (on Dev Portal) for our dev/QA environments and would like to set up another SSO (on PRD portal) for all the production instances, and have the below queries:
1. When we import the registry entries for SSO enrollment, will it overwrite the existing URL, or can we have multiple URL enrollments, 1 for dev/QA and 1 for PRD?
2. Would we also have to import multiple root CAs into the users' browsers?
Regards
Jonu Joy
Hi Jonu,
1. You can download multiple profiles from different Secure Login Server installations, but they must have different profile names. Instead of downloading the ProfileDownloadPolicy_<policy name>.reg you should download the ProfileGroupy_rfid.reg for each Server.
2. You have to import all root CAs if they are from different PKIs.
KR
Valerie
Thank you Valerie
At the moment we have 2 SSO servers configured and the client enrolls to both of them, but what we found now is that if one of the SSO servers is unavailable, the enrollment fails even if the second SSO server is available.
Is there a way we can have the client enroll to any SSO server which is available, so that we can have the same servers configured on both of them, which would allow the users to log in even if one SSO server goes down?
Thank you
Jonu Joy
Thx Valerie
We followed the same process as discussed above and our enrollURL is
enrollURL0 : https://abc-as-01:50001/SecureLoginServer/slc2/doLogin?profile=5c614871-6246-43b5-a629-fdffc58e5d3e
enrollURL1: https://jjf-as-01.:50001/SecureLoginServer/slc2/doLogin?profile=5c614871-6246-43b5-a629-fdffc58e5d3e
and the Policy URL: https://jjf-as-01:50001/SecureLoginServer/slc/getProfiles?grouppolicy=2eed8371-85bd-4a22-9030-cbeefc...
But when jjf-as-01 is not reachable, the SLC does not get an x509 cert, it just fails. I thought if one enroll URL is down, the SLC would try to reach the next available one and get an x509 cert.
Thank you
Jonu Joy
Hi Jonu,
Could you please enable SLC Developer Traces and check why the login failed?
The howto is described in the implementation guide http://help.sap.com/download/sapsso/secure_login_impl_guide_en.pdf chapter 2.6.10
BTW your 2nd URL is wrong: https://jjf-as-01.:50001/SecureLoginServer/slc2/doLogin?profile=5c614871-6246-43b5-a629-fdffc58e5d3e
There is one "." too many before ":50001".
KR
Valerie
Thx Valerie
The issue was with the profile name, it seems, on the enrolment URL. We changed the value of profile to 5c614871-6246-43b5-a629-fdffc58e5d3e on abc-as-01 and it works now.
enrollURL0 : https://abc-as-01:50001/SecureLoginServer/slc2/doLogin?profile=5c614871-6246-43b5-a629-fdffc58e5d3e
enrollURL1: https://jjf-as-01.:50001/SecureLoginServer/slc2/doLogin?profile=5c614871-6246-43b5-a629-fdffc58e5d3e