Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

SPNEGO Configuration Wizard - Step 3 not working - Single Sign On not work.

Hi Experts,

We trying to setup the SSO between the AD and Portal. I made the follow configuration.

On Active Directory (AD)

- Created a Service User with password that never expires.

- selectd the option "Use DES encryption types for this account"

- Executed the command: setspn -A HTTP/servername username on the server name and on the DNS alias name.

On the configtool:

- I imported the dataSourceConfiguration_ads_readonly_db_with_krb5.XML file

- On the server name: <AD server host>

- Server Port: 389

- User: <service user created on AD>

- Password: <Password of service user created on AD>

- Checked the option "Use UME unique id with unique LDAP attribute and gave the service user created on AD as parameter.

- User path and Group Path were selected based on the AD info.

I tested the connection an the atuthentication that were sucessfull.

So I accessed Instance --> Server --> Services --> and add the value krb5principalname;kpnprefix;dn on the ume.admin.addattrs key and set it


- Openned EP 7 SP15 and called the SPNEGO Wizard, on the first step I just checked the Prerequisites.

- 2nd Step I provided Kerberos Realm: <domain name>

- KDC Host: <LDAP server>

- KDC Port: 88

- Service User Name: <service user name created on AD>

- Service User Password: <Password of service user name created on AD>

- LDAP Host: <LDAP server name>

- LDAP Port: 389

and clicked on Next.

On the 3rd step I selected the Resolution mode = prefixed base.

KPN Prefix: kpnprefix

kpnprefix: dn

and provided my user on AD to Test, but I got te error message: UME cannot resolve Kerberos principal name XXXX#XXXX.XXX.XX; check selected resolution mode.

Any idea about what can be missing or wrong?



Edited by: Armando Martines Neto on Aug 8, 2008 11:40 AM

Former Member

Helpful Answer

Not what you were looking for? View more on this topic or Ask a question