on 09-22-2016 8:08 AM
Hi Experts,
have anyone of you ever experienced the issue with SPNEGO SSO where the browser is executed on the SAP host itself.
In my case I have to prepare a training where I only have one single Server for my students and I like to setup SPNEGO for ABAP and Java.
I have configured both correctly (pretty sure ) and in the ICM traces I am able to see HTTP 401 Negotiate is trigged by AS ABAP and Java.
In the Java traces i can see "NTLM token received in authorization header"
Does anyone know how to cure the Internet Explorer from doing NTLM?
Thanks!!!!
Cheers,
Carsten
Dear Carsten,
Please see "Are the client and server on the same box?" under below link.
The issue is described in MS's knowledge base with possible solutions. https://support.microsoft.com/en-us/kb/896861
Best regards,
Ning
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
SPNEGO where the client and the server are on the same host does not work. Fact is: Kerberos is not enabled in this configuration and a hard coded loopback check will always force usage of NTLM in this scenario.
Update: Method 1 and 2 as described in https://support.microsoft.com/en-us/kb/896861 did not helped.
Workaround: see my post above
Solution1: use a different client
Solution2: create an additional DNS entry for the system and SPN pointing to that name.
(But this is not possible in my scenario as i have only limited access to AD environment, unfortunately )
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.