on 06-20-2007 2:54 PM
Hi
I would like to connect via IIS (Win 2003 server) and KerbMap to connect a File Share. The Problem that we have is the Header Cookie dosn't created.
More details you will find in the log below:
<b>Log:</b>
15:46:36 948/3584 i Initialize: Cannot delete file C:\Inetpub\SSO22KerbMap\SSO22KerbMap_SSO.log: The system cannot find the file specified.
15:46:36 948/3584 I SSO22KerbMap.dll 1.1.0.8 is initialized
SSO22KerbMap configuration in C:\Inetpub\SSO22KerbMap\SSO22KerbMap.ini:
PseFile: C:\Inetpub\SSO22KerbMap\verify\verify.pse
ServicePrincipalName: HOST/chsfsnt0182.sfs-intra.net
FilterPriority: High
SSO2AccountAttribute: userPrincipalName
LogLevel: 2
Activated SSO logfile: C:\Inetpub\SSO22KerbMap\SSO22KerbMap_SSO.log
15:46:36 948/3584 I ADSI Configuration for delegation on host CHSFSNT0182:
ServicePrincipalNames:
HOST/CHSFSNT0182
HOST/chsfsnt0182.sfs-intra.net
Delegation allowed to following SPNs:
HOST/chsfsnt0182.sfs-intra.net
HOST/CHSFSNT0182
Delegation Flag:Use any authentication protocol: ACTIVE
15:46:36 948/3584 I IIS SSO22KerbMap Module configured on following Web Sites:
15:46:36 948/3584 I WebSite Default Web Site (IIS://LOCALHOST/W3SVC/1)
Authentication(WebSite): Integrated Windows Authentication
Application Pool DefaultAppPool (IIS://localhost/w3svc/AppPools/DefaultAppPool)
Identity (Application Pool): Local System
SubFolders (Default Web Site)
Filters
SSO22KerbMap
IIsCertMapper
ROOT (Authentication: Integrated Windows Authentication)
WebDAVTest (Authentication: Integrated Windows Authentication)
WebDAVTransfer (Authentication: Integrated Windows Authentication)
15:46:36 948/3584 I IMPORTANT: Check that the Virtual directory of your target application is running
on 'Integrated Windows Authentication'!
15:46:36 948/2788 i OnPreprocHeaders: -
> Received URL /WebDAVTest
15:46:36 948/2788 i getAccountFromCookie: No header Cookie found
15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:46:36 948/2788 i OnPreprocHeaders: -
> Received URL /WebDAVTest
15:46:36 948/2788 i getAccountFromCookie: No header Cookie found
15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:46:36 948/2788 i OnPreprocHeaders: -
> Received URL /WebDAVTransfer
15:46:36 948/2788 i getAccountFromCookie: No header Cookie found
15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:46:36 948/2788 i OnPreprocHeaders: -
> Received URL /WebDAVTransfer
15:46:36 948/2788 i getAccountFromCookie: No header Cookie found
15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:46:36 948/2788 i OnPreprocHeaders: -
> Received URL /WebDAVTest
15:46:36 948/2788 i getAccountFromCookie: No header Cookie found
15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:46:36 948/2788 i OnPreprocHeaders: -
> Received URL /WebDAVTest
15:46:36 948/2788 i getAccountFromCookie: No header Cookie found
15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:46:36 948/2788 i OnPreprocHeaders: -
> Received URL /WebDAVTest
15:46:36 948/2788 i getAccountFromCookie: No header Cookie found
15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:46:36 948/2788 i OnPreprocHeaders: -
> Received URL /WebDAVTest
15:46:36 948/2788 i getAccountFromCookie: No header Cookie found
15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:46:36 948/2788 i OnPreprocHeaders: -
> Received URL /WebDAVTest/
15:46:36 948/2788 i getAccountFromCookie: No header Cookie found
15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:46:36 948/2788 i OnPreprocHeaders: -
> Received URL /WebDAVTest/
15:46:36 948/2788 i getAccountFromCookie: No header Cookie found
15:46:36 948/2788 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:47:23 3780/864 I SSO22KerbMap.dll 1.1.0.8 is initialized
SSO22KerbMap configuration in C:\Inetpub\SSO22KerbMap\SSO22KerbMap.ini:
PseFile: C:\Inetpub\SSO22KerbMap\verify\verify.pse
ServicePrincipalName: HOST/chsfsnt0182.sfs-intra.net
FilterPriority: High
SSO2AccountAttribute: userPrincipalName
LogLevel: 2
Activated SSO logfile: C:\Inetpub\SSO22KerbMap\SSO22KerbMap_SSO.log
15:47:23 3780/864 I ADSI Configuration for delegation on host CHSFSNT0182:
ServicePrincipalNames:
HOST/CHSFSNT0182
HOST/chsfsnt0182.sfs-intra.net
Delegation allowed to following SPNs:
HOST/chsfsnt0182.sfs-intra.net
HOST/CHSFSNT0182
Delegation Flag:Use any authentication protocol: ACTIVE
15:47:24 3780/864 I IIS SSO22KerbMap Module configured on following Web Sites:
15:47:24 3780/864 I WebSite Default Web Site (IIS://LOCALHOST/W3SVC/1)
Authentication(WebSite): Integrated Windows Authentication
Application Pool DefaultAppPool (IIS://localhost/w3svc/AppPools/DefaultAppPool)
Identity (Application Pool): Local System
SubFolders (Default Web Site)
Filters
SSO22KerbMap
IIsCertMapper
ROOT (Authentication: Integrated Windows Authentication)
WebDAVTest (Authentication: Integrated Windows Authentication)
WebDAVTransfer (Authentication: Integrated Windows Authentication)
15:47:24 3780/864 I IMPORTANT: Check that the Virtual directory of your target application is running
on 'Integrated Windows Authentication'!
15:47:24 3780/920 i OnPreprocHeaders: -
> Received URL /WebDAVTest
15:47:24 3780/920 i getAccountFromCookie: No header Cookie found
15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:47:24 3780/920 i OnPreprocHeaders: -
> Received URL /WebDAVTest
15:47:24 3780/920 i getAccountFromCookie: No header Cookie found
15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:47:24 3780/920 i OnPreprocHeaders: -
> Received URL /WebDAVTransfer
15:47:24 3780/920 i getAccountFromCookie: No header Cookie found
15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:47:24 3780/920 i OnPreprocHeaders: -
> Received URL /WebDAVTransfer
15:47:24 3780/920 i getAccountFromCookie: No header Cookie found
15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:47:24 3780/920 i OnPreprocHeaders: -
> Received URL /WebDAVTest
15:47:24 3780/920 i getAccountFromCookie: No header Cookie found
15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:47:24 3780/920 i OnPreprocHeaders: -
> Received URL /WebDAVTest
15:47:24 3780/920 i getAccountFromCookie: No header Cookie found
15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:47:24 3780/920 i OnPreprocHeaders: -
> Received URL /WebDAVTest
15:47:24 3780/920 i getAccountFromCookie: No header Cookie found
15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:47:24 3780/920 i OnPreprocHeaders: -
> Received URL /WebDAVTest
15:47:24 3780/920 i getAccountFromCookie: No header Cookie found
15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:47:24 3780/920 i OnPreprocHeaders: -
> Received URL /WebDAVTest/
15:47:24 3780/920 i getAccountFromCookie: No header Cookie found
15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
15:47:24 3780/920 i OnPreprocHeaders: -
> Received URL /WebDAVTest/
15:47:24 3780/920 i getAccountFromCookie: No header Cookie found
15:47:24 3780/920 i OnPreprocHeaders: No SSO2 account from cookie MYSAPSSO2
Hi Thomas,
you should check the settings for the http System that you are using for the WebDAV repository manager.
1. Is the flag 'Same User Domain' checked ? SAP Logon Tickets are only issued if this flag is checked.
2. Are you using the Full Qualified Domain Name in the URL to access the IIS ? Please check the settings for 'Server URL'. SAP Logon Tickets are session cookies that are only send to servers that reside in the same DNS domain.
Best regards,
André
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Andrè
Thanks for your answer...
I have checked the configuration by means of you. It is all OK.
You have still different ideas?
-
-
HTTP-System:
Same User Domain = true
Server URL = http://chsfsnt0xxx.sfs-intra.net/WebDAVTransfer
What did you mean with Password and the User in the http-system?
-
-
WebDAVRepository:
Prefix: /webdav_chsfsnt0xxx_transfer
SystemID: webdav_chsfsnt0xxx_transfer
Security Manager: Not Set
Server Type: Native IIS WebDavServer
-
-
SSO22KerbMap.ini:
1. Specify the full path of the verify.pse file, which contains the digital
2. certificate of the Portal Server.
PseFile = C:InetpubSSO22KerbMapverifyverify.pse
1. These are the log levels.
2. 0 - Only global information is written to the file
3. 1 - Only errors are written to the file
4. 2 - Also general information is written to the file
5. 3 - Detailed output is written to the file (only for troubleshooting)
LogLevel = 2
1. Specify the SPN shown by setspn.exe
ServicePrincipalName = HOST/chsfsnt0xxx.sfs-intra.net
1. Specify the priority for the filter (Low, Medium or High)
FilterPriority = High
1. Specify the ADSI Attribute of the account provided by the SAP Logon Ticket
2. this can be any attribute like sAMAccountName, userPrincipalName,...
SSO2AccountAttribute = userPrincipalName
Best Regards
Thomas
Hi André
We are a litle further.
-
-
Now we have successfull match from the ADS
13:35:41 4072/2380 i OnPreprocHeaders: -
-
Received URL /WebDAVTransfer
13:35:41 4072/2380 i OnPreprocHeaders: Determined account bit from cookie MYSAPSSO2
13:35:41 4072/2380 i OnPreprocHeaders: Running on security context of user SYSTEM before impersonation
13:35:41 4072/2380 i LogonAsUser: LsaLookupAuthenticationPackage executed succesfully
13:35:41 4072/2380 i LogonAsUser: LsaLogonUser handle: 2CC
13:35:41 4072/2380 i OnPreprocHeaders: SF_STATUS_REQ_NEXT_NOTIFICATION
13:35:41 4072/2380 i OnPreprocHeaders: -
-
Received URL /WebDAVTransfer
13:35:41 4072/2380 i OnPreprocHeaders: Determined account bit from cookie MYSAPSSO2
13:35:41 4072/2380 i OnPreprocHeaders: Running on security context of user SYSTEM before impersonation
13:35:41 4072/2380 i LogonAsUser: LsaLookupAuthenticationPackage executed succesfully
13:35:41 4072/2380 i LogonAsUser: LsaLogonUser handle: 2BC
13:35:41 4072/2380 i OnPreprocHeaders: SF_STATUS_REQ_NEXT_NOTIFICATION
-
-
Error from the iView in the Portal:
class com.sapportals.wcm.repository.IOErrorException
Internal Server Error
Best Regards
Thomas
Hi Thomas,
good to hear this.
I otherwise would have thought that the Server URL would have to be changed.
I observed problems when the URL did not end with a slash "/".
So I would have tried to use
Server URL = http://chsfsnt0xxx.sfs-intra.net/WebDAVTransfer
/
instead of
Server URL = http://chsfsnt0xxx.sfs-intra.net/WebDAVTransfer
Best regards,
André
Hi Deepak
Please check the proberty <b>Same User Domain</b> in the HTTP-System. This Flag must be <b>True</b>.
Then the <b>User Property</b> must be empty. If you have defined an user then expose the portal no cookie.
On the IIS-System in the share you musst deposit an Service Account user. Imported that you are select the user from system. yout dont write the name directly in the field because the namis is wrong.
Best Regards
Thomas
Hi Thomas,
The Same User Domain in the HTTP System is set to true. The user property is empty too.
Now as far the third item is concerned, I didn't understand "On the IIS-System in the share you musst deposit an Service Account user." Could you please explain this?
And when u said "dont write the name directly in the field " did you mean while adding windows security on the file share?
Please let me know.
Regards,
Deepak
User | Count |
---|---|
80 | |
9 | |
9 | |
7 | |
7 | |
6 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.