Former Member

Portal Multidomain SSO with ABAP backend Application

Hello Community,

I got stuck on a strange problem between two domains and ABAP backend SSO with an ABAP reference system.

SSO into the Portal from a Windows client works from both domains, but SSO to the integrated ABAP application works only from one domain.

In the non-working domain, the logon screen from the backend appears in the iView.

Is there a way to trace this part in portal?

scenario:

- two separate domains "company.com" and "corp.local"

- SPNEGO mapping mode is set to "Principal@REALM"

- configured dataSourceConfiguration_ads_readonly_db_multildap.xml

- each with Reference System User Mapping

<nameSpace name="$usermapping$">
  <attributes>
    <attribute name="REFERENCE_SYSTEM_USER">
      <physicalAttribute name="samaccountname"/>
    </attribute>
  </attributes>
</nameSpace>

- configured SPN (ServicePrincipalNames) for each domain

- activated UserMapping System

thanks in advance

Christoph Schmitz


3 Answers

  • Former Member
    Posted on Aug 08, 2013 at 11:52 AM

    Hi Christoph

    A couple of questions:

    - Which domain is not able to SSO against the backend (I would guess .com..)?

    - What happens when they try to use the backend app?

    Do you have any infrastructure doc that you can upload to better clarify your issue?

    Let me know

    a


    • Former Member

      Hi Chris

      Sorry for the delay, I've been on holiday and then sick 😔

      You stated that this happens when users of corp.local try to use the backend app, so somewhere or somehow there should be a trace in the dev_ ... Are you sure the logon page is sent from the backend? If yes, are you sure you increased the trace as I mentioned? (Sometimes I'm cryptic in my explanations 😊)

      If you are really struggling with this, I have a last chance for you: can you open a log viewer or Cisco connection for me? (I'll provide you my private email in that case.)

      Let me know your thoughts

      a

  • Former Member
    Posted on Aug 08, 2013 at 12:34 PM

    Hi Christoph,

    From your description:

    --> "SSO into Portal from Windows Client works from both domains but SSO to integrated ABAP Application works only from one domain.

    In the not working domain the logon screen from backend appears in iView."

    For the ABAP system for which SSO is not working, did you check/compare the STRUSTSSO2 configuration? And also the SAPJSF user, which could be expired/locked?

    I hope this will help you.

    Regards,

    Andre


    • Former Member

      Hello Andre,

      It is only one Portal. It is also only one ABAP system, and it is used in both scenarios!

      STRUSTSSO2 should work, because from one DNS alias, portal.company.com, it works!

      What is the SAPJSF user used for? 😕 (BTW, it is neither locked nor expired in the application server AND it does not exist in the reference system.)

      I added more information in reply to Andrea's post! (hope it will be released by the moderator soon)

      I hope this helps to understand my problem!

      thank you in advance for reading this, too

      regards

      Christoph

  • author's profile photo Former Member
    Former Member
    Posted on Aug 08, 2013 at 01:10 PM

    Are users the same in both domains? Do users from both domains exist and are they valid in the backend system? Better activate security trace in the backend system and reproduce the problem.
