Problem with Cross-domain SSO, NTLM and ITS to R/3

Hello,

We are using EP 6.0.13.0 on a Windows environment. We have an ITS running WebGUI/ESS/MSS in another domain and that is the same domain where the R/3 and BI systems reside. We have configured NTLM authentication using IIS web server 6.0 and the IISProxy 1.6.2. We have configured SSO with the backends using the same ID as in the MS-ADS. Almost everything works fine.

The problem is that when we use the NTLM logon VIA the IIS to the portal, and then navigate to a WebGUI service transaction we are prompted for login. When we refresh the portal screen and try again - it works.

We have configured the mdc.hosts and are using the sendSAPSSO2Cookie.asp to generate the cross-domain logon ticket.

I have read that ITS may require the PAS be set up but I thought that was only used when you are going directly to the ITS (leveraging the NTLM authentication) - not when you are going through the portal.

Does anyone have some experience using ALL of the SSO features (i.e. SSO, cross-domain support, ITS, windows integrated authentication)?

We have though about the relax option for the domain but it does not apply as our domains are:

SERVER1.domain1.com and SERVER2.domain2.com

... so relaxing would not help unless we relaxed to the ".COM" which is unreasonable.

My regards,

Judson Maizels