
Multiple SSO config

former_member217468
Participant
0 Kudos

Hi All,

We have configured an SSO setup (on the Dev Portal) for our dev/QA environments and would like to set up another SSO (on the PRD portal) for all the production instances, and have the below queries:

1. When we import the registry entries for SSO enrollment, will it overwrite the existing URL, or can we have multiple URL enrollments, 1 for dev/QA and 1 for PRD?

2. Would we also have to import multiple root CAs into the users' browsers?

regards

Jonu Joy

Accepted Solutions (0)

Answers (1)


Former Member
0 Kudos

Hi Jonu,

1. You can download multiple profiles from different Secure Login Server installations, but they must have different profile names. Instead of downloading the ProfileDownloadPolicy_<policy name>.reg, you should download the ProfileGroupy_rfid.reg for each server.

2. You have to import all root CAs if they are from different PKIs.

KR

Valerie

former_member217468
Participant
0 Kudos

Thank you Valerie

At the moment we have 2 SSO servers configured and the client enrolls to both of them, but what we found now is that if one of the SSO servers is unavailable, the enrollment fails even if the second SSO server is available.

Is there a way we can have the client enroll to any SSO server which is available, so that we can have the same servers configured on both of them, which would allow the users to log in even if one SSO server goes down?

Thank you

Jonu Joy 

Former Member
0 Kudos

Hi Jonu,

Maybe this blog can help you:

KR

Valerie

former_member217468
Participant
0 Kudos

Thx Valerie

We followed the same process as discussed above and our enrollURL is

enrollURL0 : https://abc-as-01:50001/SecureLoginServer/slc2/doLogin?profile=5c614871-6246-43b5-a629-fdffc58e5d3e

enrollURL1: https://jjf-as-01.:50001/SecureLoginServer/slc2/doLogin?profile=5c614871-6246-43b5-a629-fdffc58e5d3e

and the Policy URL: https://jjf-as-01:50001/SecureLoginServer/slc/getProfiles?grouppolicy=2eed8371-85bd-4a22-9030-cbeefc...

But when jjf-as-01 is not reachable, the SLC does not get an x509 cert, it just fails. I thought if one enroll URL is down, the SLC would try to reach the next available one and get an x509 cert.

Thank you

Jonu Joy

Former Member
0 Kudos

Hi Jonu,

Could you please enable SLC Developer Traces and check why the login failed?

The how-to is described in the implementation guide http://help.sap.com/download/sapsso/secure_login_impl_guide_en.pdf chapter 2.6.10

BTW, your 2nd URL is wrong: https://jjf-as-01.:50001/SecureLoginServer/slc2/doLogin?profile=5c614871-6246-43b5-a629-fdffc58e5d3e

There is one "." too many before ":50001"

KR

Valerie

former_member217468
Participant
0 Kudos

Thx Valerie

The issue, it seems, was with the profile name on the enrolment URL. We changed the value of profile to 5c614871-6246-43b5-a629-fdffc58e5d3e on abc-as-01 and it works now.

enrollURL0 : https://abc-as-01:50001/SecureLoginServer/slc2/doLogin?profile=5c614871-6246-43b5-a629-fdffc58e5d3e

enrollURL1: https://jjf-as-01.:50001/SecureLoginServer/slc2/doLogin?profile=5c614871-6246-43b5-a629-fdffc58e5d3e
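
A lint for the two problems this thread turned up in the enrollURLn values (a stray "." in the host name and differing profile values across servers), as an added example that is not part of any post or of SAP's tooling. The function name, the dict input and the all-zero GUID are constructed for illustration; the check assumes, as the last post reports, that every enroll URL should carry the same profile value.

```python
import re
from urllib.parse import urlsplit, parse_qs

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def lint_enroll_urls(urls):
    """Check a dict of enrollURLn -> URL; return a list of (name, finding)."""
    findings = []
    profiles = {}
    for name in sorted(urls):
        parts = urlsplit(urls[name].strip())
        host = parts.hostname or ""
        if parts.scheme != "https":
            findings.append((name, "scheme is not https"))
        if not host:
            findings.append((name, "no host name"))
        elif host.endswith(".") or ".." in host:
            # The defect pointed out in the thread: "jjf-as-01.:50001"
            findings.append((name, "stray '.' in host name"))
        values = parse_qs(parts.query).get("profile", [])
        if len(values) == 1 and GUID_RE.match(values[0]):
            profiles[name] = values[0].lower()
        else:
            findings.append((name, "profile parameter missing or not a GUID"))
    # The thread's fix was to use the same profile value on both servers.
    if profiles:
        first = min(profiles)
        for name in sorted(profiles):
            if profiles[name] != profiles[first]:
                findings.append((name, "profile differs from " + first))
    return findings


if __name__ == "__main__":
    base = "/SecureLoginServer/slc2/doLogin?profile="
    constructed = {  # sample values; the all-zero GUID is a placeholder
        "enrollURL0": "https://abc-as-01:50001" + base
                      + "00000000-0000-0000-0000-000000000000",
        "enrollURL1": "https://jjf-as-01.:50001" + base
                      + "5c614871-6246-43b5-a629-fdffc58e5d3e",
    }
    for name, finding in lint_enroll_urls(constructed):
        print(name + ": " + finding)
```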