SSO22KerbMap: No header Cookie found - SAP Community

Hi

I would like to connect via IIS (Win 2003 server) and KerbMap to connect a File Share. The Problem that we have is the Header Cookie dosn't created.

More details you will find in the log below:

<b>Log:</b>

15:46:36 948/3584 i Initialize: Cannot delete file C:\Inetpub\SSO22KerbMap\SSO22KerbMap_SSO.log: The system cannot find the file specified.

15:46:36 948/3584 I SSO22KerbMap.dll 1.1.0.8 is initialized

SSO22KerbMap configuration in C:\Inetpub\SSO22KerbMap\SSO22KerbMap.ini:

PseFile: C:\Inetpub\SSO22KerbMap\verify\verify.pse

ServicePrincipalName: HOST/chsfsnt0182.sfs-intra.net

FilterPriority: High

SSO2AccountAttribute: userPrincipalName

LogLevel: 2

Activated SSO logfile: C:\Inetpub\SSO22KerbMap\SSO22KerbMap_SSO.log

15:46:36 948/3584 I ADSI Configuration for delegation on host CHSFSNT0182:

ServicePrincipalNames:

HOST/CHSFSNT0182

HOST/chsfsnt0182.sfs-intra.net

Delegation allowed to following SPNs:

HOST/chsfsnt0182.sfs-intra.net

HOST/CHSFSNT0182

Delegation Flag:Use any authentication protocol: ACTIVE

15:46:36 948/3584 I IIS SSO22KerbMap Module configured on following Web Sites:

15:46:36 948/3584 I WebSite Default Web Site (IIS://LOCALHOST/W3SVC/1)

Authentication(WebSite): Integrated Windows Authentication

Application Pool DefaultAppPool (IIS://localhost/w3svc/AppPools/DefaultAppPool)

Identity (Application Pool): Local System

SubFolders (Default Web Site)

Filters

SSO22KerbMap

IIsCertMapper

ROOT (Authentication: Integrated Windows Authentication)

WebDAVTest (Authentication: Integrated Windows Authentication)

WebDAVTransfer (Authentication: Integrated Windows Authentication)

15:46:36 948/3584 I IMPORTANT: Check that the Virtual directory of your target application is running

on 'Integrated Windows Authentication'!

15:46:36 948/2788 i OnPreprocHeaders: -

> Received URL /WebDAVTest

15:46:36 948/2788 i getAccountFromCookie: No header Cookie found

15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:46:36 948/2788 i OnPreprocHeaders: -

> Received URL /WebDAVTest

15:46:36 948/2788 i getAccountFromCookie: No header Cookie found

15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:46:36 948/2788 i OnPreprocHeaders: -

> Received URL /WebDAVTransfer

15:46:36 948/2788 i getAccountFromCookie: No header Cookie found

15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:46:36 948/2788 i OnPreprocHeaders: -

> Received URL /WebDAVTransfer

15:46:36 948/2788 i getAccountFromCookie: No header Cookie found

15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:46:36 948/2788 i OnPreprocHeaders: -

> Received URL /WebDAVTest

15:46:36 948/2788 i getAccountFromCookie: No header Cookie found

15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:46:36 948/2788 i OnPreprocHeaders: -

> Received URL /WebDAVTest

15:46:36 948/2788 i getAccountFromCookie: No header Cookie found

15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:46:36 948/2788 i OnPreprocHeaders: -

> Received URL /WebDAVTest

15:46:36 948/2788 i getAccountFromCookie: No header Cookie found

15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:46:36 948/2788 i OnPreprocHeaders: -

> Received URL /WebDAVTest

15:46:36 948/2788 i getAccountFromCookie: No header Cookie found

15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:46:36 948/2788 i OnPreprocHeaders: -

> Received URL /WebDAVTest/

15:46:36 948/2788 i getAccountFromCookie: No header Cookie found

15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:46:36 948/2788 i OnPreprocHeaders: -

> Received URL /WebDAVTest/

15:46:36 948/2788 i getAccountFromCookie: No header Cookie found

15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:47:23 3780/864 I SSO22KerbMap.dll 1.1.0.8 is initialized

SSO22KerbMap configuration in C:\Inetpub\SSO22KerbMap\SSO22KerbMap.ini:

PseFile: C:\Inetpub\SSO22KerbMap\verify\verify.pse

ServicePrincipalName: HOST/chsfsnt0182.sfs-intra.net

FilterPriority: High

SSO2AccountAttribute: userPrincipalName

LogLevel: 2

Activated SSO logfile: C:\Inetpub\SSO22KerbMap\SSO22KerbMap_SSO.log

15:47:23 3780/864 I ADSI Configuration for delegation on host CHSFSNT0182:

ServicePrincipalNames:

HOST/CHSFSNT0182

HOST/chsfsnt0182.sfs-intra.net

Delegation allowed to following SPNs:

HOST/chsfsnt0182.sfs-intra.net

HOST/CHSFSNT0182

Delegation Flag:Use any authentication protocol: ACTIVE

15:47:24 3780/864 I IIS SSO22KerbMap Module configured on following Web Sites:

15:47:24 3780/864 I WebSite Default Web Site (IIS://LOCALHOST/W3SVC/1)

Authentication(WebSite): Integrated Windows Authentication

Application Pool DefaultAppPool (IIS://localhost/w3svc/AppPools/DefaultAppPool)

Identity (Application Pool): Local System

SubFolders (Default Web Site)

Filters

SSO22KerbMap

IIsCertMapper

ROOT (Authentication: Integrated Windows Authentication)

WebDAVTest (Authentication: Integrated Windows Authentication)

WebDAVTransfer (Authentication: Integrated Windows Authentication)

15:47:24 3780/864 I IMPORTANT: Check that the Virtual directory of your target application is running

on 'Integrated Windows Authentication'!

15:47:24 3780/920 i OnPreprocHeaders: -

> Received URL /WebDAVTest

15:47:24 3780/920 i getAccountFromCookie: No header Cookie found

15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:47:24 3780/920 i OnPreprocHeaders: -

> Received URL /WebDAVTest

15:47:24 3780/920 i getAccountFromCookie: No header Cookie found

15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:47:24 3780/920 i OnPreprocHeaders: -

> Received URL /WebDAVTransfer

15:47:24 3780/920 i getAccountFromCookie: No header Cookie found

15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:47:24 3780/920 i OnPreprocHeaders: -

> Received URL /WebDAVTransfer

15:47:24 3780/920 i getAccountFromCookie: No header Cookie found

15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:47:24 3780/920 i OnPreprocHeaders: -

> Received URL /WebDAVTest

15:47:24 3780/920 i getAccountFromCookie: No header Cookie found

15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:47:24 3780/920 i OnPreprocHeaders: -

> Received URL /WebDAVTest

15:47:24 3780/920 i getAccountFromCookie: No header Cookie found

15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:47:24 3780/920 i OnPreprocHeaders: -

> Received URL /WebDAVTest

15:47:24 3780/920 i getAccountFromCookie: No header Cookie found

15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:47:24 3780/920 i OnPreprocHeaders: -

> Received URL /WebDAVTest

15:47:24 3780/920 i getAccountFromCookie: No header Cookie found

15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:47:24 3780/920 i OnPreprocHeaders: -

> Received URL /WebDAVTest/

15:47:24 3780/920 i getAccountFromCookie: No header Cookie found

15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

15:47:24 3780/920 i OnPreprocHeaders: -

> Received URL /WebDAVTest/

15:47:24 3780/920 i getAccountFromCookie: No header Cookie found

15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2

SAP Managed Tags:
SAP NetWeaver

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Accepted Solutions (0)

Answers (1)

Answers (1)

Hi Thomas,

you should check the settings for the http System that you are using for the WebDAV repository manager.

1. Is the flag 'Same User Domain' checked ? SAP Logon Tickets are only issued if this flag is checked.

2. Are you using the Full Qualified Domain Name in the URL to access the IIS ? Please check the settings for 'Server URL'. SAP Logon Tickets are session cookies that are only send to servers that reside in the same DNS domain.

Best regards,

André

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hi Andrè

Thanks for your answer...

I have checked the configuration by means of you. It is all OK.

You have still different ideas?

-

-

HTTP-System:

Same User Domain = true

Server URL = http://chsfsnt0xxx.sfs-intra.net/WebDAVTransfer

What did you mean with Password and the User in the http-system?

-

-

WebDAVRepository:

Prefix: /webdav_chsfsnt0xxx_transfer

SystemID: webdav_chsfsnt0xxx_transfer

Security Manager: Not Set

Server Type: Native IIS WebDavServer

-

-

SSO22KerbMap.ini:

1. Specify the full path of the verify.pse file, which contains the digital

2. certificate of the Portal Server.

PseFile = C:InetpubSSO22KerbMapverifyverify.pse

1. These are the log levels.

2. 0 - Only global information is written to the file

3. 1 - Only errors are written to the file

4. 2 - Also general information is written to the file

5. 3 - Detailed output is written to the file (only for troubleshooting)

LogLevel = 2

1. Specify the SPN shown by setspn.exe

ServicePrincipalName = HOST/chsfsnt0xxx.sfs-intra.net

1. Specify the priority for the filter (Low, Medium or High)

FilterPriority = High

1. Specify the ADSI Attribute of the account provided by the SAP Logon Ticket

2. this can be any attribute like sAMAccountName, userPrincipalName,...

SSO2AccountAttribute = userPrincipalName

Best Regards

Thomas

Hi André

We are a litle further.

-

-

Now we have successfull match from the ADS

13:35:41 4072/2380 i OnPreprocHeaders: -

-

Received URL /WebDAVTransfer

13:35:41 4072/2380 i OnPreprocHeaders: Determined account bit from cookie MYSAPSSO2

13:35:41 4072/2380 i OnPreprocHeaders: Running on security context of user SYSTEM before impersonation

13:35:41 4072/2380 i LogonAsUser: LsaLookupAuthenticationPackage executed succesfully

13:35:41 4072/2380 i LogonAsUser: LsaLogonUser handle: 2CC

13:35:41 4072/2380 i OnPreprocHeaders: SF_STATUS_REQ_NEXT_NOTIFICATION

13:35:41 4072/2380 i OnPreprocHeaders: -

-

Received URL /WebDAVTransfer

13:35:41 4072/2380 i OnPreprocHeaders: Determined account bit from cookie MYSAPSSO2

13:35:41 4072/2380 i OnPreprocHeaders: Running on security context of user SYSTEM before impersonation

13:35:41 4072/2380 i LogonAsUser: LsaLookupAuthenticationPackage executed succesfully

13:35:41 4072/2380 i LogonAsUser: LsaLogonUser handle: 2BC

13:35:41 4072/2380 i OnPreprocHeaders: SF_STATUS_REQ_NEXT_NOTIFICATION

-

-

Error from the iView in the Portal:

class com.sapportals.wcm.repository.IOErrorException

Internal Server Error

Best Regards

Thomas

hi

the problem is solved.

the problem was the service account user.

Best Regards

Thomas

Hi Thomas,

good to hear this.

I otherwise would have thought that the Server URL would have to be changed.

I observed problems when the URL did not end with a slash "/".

So I would have tried to use

Server URL = http://chsfsnt0xxx.sfs-intra.net/WebDAVTransfer

/

instead of

Server URL = http://chsfsnt0xxx.sfs-intra.net/WebDAVTransfer

Best regards,

André

Hi Thomas,

I am facing exact same error.

Can you please share the solution detail.

Regards,

Deepak

Hi Deepak

Please check the proberty <b>Same User Domain</b> in the HTTP-System. This Flag must be <b>True</b>.

Then the <b>User Property</b> must be empty. If you have defined an user then expose the portal no cookie.

On the IIS-System in the share you musst deposit an Service Account user. Imported that you are select the user from system. yout dont write the name directly in the field because the namis is wrong.

Best Regards

Thomas

Hi Thomas,

The Same User Domain in the HTTP System is set to true. The user property is empty too.

Now as far the third item is concerned, I didn't understand "On the IIS-System in the share you musst deposit an Service Account user." Could you please explain this?

And when u said "dont write the name directly in the field " did you mean while adding windows security on the file share?

Please let me know.

Regards,

Deepak

Ask a Question

Top Q&A Solution Author

User

Count

80

9

9

7

7

6

6

5

5

4