cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

kerberos authentication via Apache ...

Former Member

on ‎08-16-2007 3:53 PM

0 Kudos

Hi all !

we use SAP NW Portal 7.0; we can access the portal from internet via Apache as reverse proxy;

our internal and external users access the portal via the Apache reverse proxy;

now we want to use kerberos to authenticate against J2EE of Portal;

Kerberos is working when ich access the Portal directly via http://<fqdn>:<port>/irj;

but when we want to access the portal via Apache reverse proxy e.g. http://portal.test.com authentication via Kerberos don't work; Apache doesn't pass the kerberos ticket;

is there any solution ?

the Apache reverse proxy should be the 'single point of contact' for portal access;

Thanks

Oliver

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

tim_alsop
Active Contributor
‎03-14-2008 2:27 PM
0 Kudos

Oliver,

I'm not sure if you resolved this yet ?

Would a solution be of interest, where the user accessing SAP portal via Apache proxy is presented with a login screen, where they enter their Kerberos account name and password to logon to SAP, but when they logon from workstation on Intranet (inside firewall) they get authenticated via SPNEGO ?

Thanks,

Tim

Show replies
Show replies
Former Member
‎08-16-2007 6:23 PM
0 Kudos

Kerberos authentication will not work over the internet.

This is the reason I am still using IISProxy and NTLM.

Show replies
Show replies
Former Member
‎08-17-2007 2:28 PM
0 Kudos

to use the portal, all users ( internal or external ) have to use the URL to our apache reverse proxy; the URL is the same for internal or external users

==> http://portal.test.com;

for the internal users, it would be nice if the apache reverse proxy could pass the kerberos ticket to the portal server so that the login page doesn't appear;

how to ?

Thanks

Oliver

Former Member
‎08-17-2007 2:44 PM
0 Kudos

It will work on the inside of the firewall. It will not work over the itnernet.

tim_alsop
Active Contributor
‎03-14-2008 2:28 PM
0 Kudos

David,

Can you explain why you need IISProxy for access to SAP over internet ? You can use SPNEGO protocol for internal users and Kerberos authetnication via a browser form for external users, and no need to use the unsupported IISProxy product.

Thanks,

Tim

Ask a Question