Skip to Content
0
Former Member
Oct 09, 2013 at 10:42 PM

Re : SSO issues with BO31 SP5 with IIS 7.5 and Tomat 6.0.35

51 Views

Hello All,

We are trying to setup SSO oer SAP NOTE 1483762 with the following config :

OS : W2K8 R2 SP1

IIS : 7.5 (Used as Redirector to Tomcat with ISAPI plugin)

SSL : Yes, Cert on IIS Tomcat : 6.0.35

BO : BOXI 31 SP5

Cluster : Yes, 3 NODES

Authentication : AD/Kerberos/Vintella AD

Forest : Single AD

Domains : Multiple in a single forest

SPN entries info are as follows :

http/BO.abc.xyz.com BOServiceAccount

https/BO.abc.xyz.com BOServiceAccount

http/WebHostname BOServiceAccount

http/WebHostname.abc.xyz.com BOServiceAccount

http/WebHostname IP BOServiceAccount

BOCMS/BOServiceAccount.abc.xyz.com BOServiceAccount

When attempting to perform SSO with straight Tomcat , that works just fine. However, when attempting the same by hitting site on IIS , it does forward to BO Logon page with AD authentication selected but does NOT SSO me in. When attempting the manual AD Logon after IIS redirect , does work fine though.

I was wondering as to if other can share there experience on IIS/Tomcat/BO/AD/Kerberos/Vintella SSO configurations and how did they achieve it. Also, what would be process to debug this .... pointers on that are appreciated.

Thanks,

Sam