on 04-17-2014 9:12 AM
Hello,
I used SPNego on NW 7.01.
I have upgraded my system from NW7.01 to NW 7.40.
I have regenerated the spnego by SPNego Wizard.
I have recreated the entry spnego by offlinecfgeditor (template=spnego).....I had to delete it after upgrade to be able to connect to the system.
Now, I can't connect using SPNego :
LOGIN.FAILED
User: N/A
IP Address: 128.41.15.233
Authentication Stack: sap.com/SSOEAR*login
Authentication Stack Properties:
policy_domain = /login
realm_name = Upload Protected Area
Login Module Flag Initialize Login Commit Abort Details
1. com.sap.security.core.server.jaas.EvaluateTicketLoginModule SUFFICIENT ok false true
#1 trusteddn1 = CN=D39,OU=DSIRH,OU=DGRH,O=SAP Trust Community,C=DE
#2 trustediss1 = CN=D39,OU=DSIRH,OU=DGRH,O=SAP Trust Community,C=DE
#3 trustedsys1 = D39,000
#4 ume.configuration.active = true
2. com.sap.security.core.server.jaas.SPNegoLoginModule OPTIONAL ok exception true SPNego authentication has failed during previous attempt.
#1 com.sap.security.spnego.legacy = false
#2 com.sap.spnego.creds_in_thread = true
#3 com.sap.spnego.jgss.name = DJ1SAPSSO@EMEA.LOREAL.INTRA
#4 com.sap.spnego.uid.resolution.attr = krb5principalname
#5 com.sap.spnego.uid.resolution.mode = simple
3. com.sap.security.core.server.jaas.CreateTicketLoginModule SUFFICIENT ok false true
#1 ume.configuration.active = true
4. com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE ok false false
5. com.sap.security.core.server.jaas.CreateTicketLoginModule REQUISITE ok false true
#1 ume.configuration.active = true
No logon policy was applied
Can you help me?
Regards
Hello,
yes, I removed the old Realm, restarted the system and then launched SPNego wizard.
After that, I have reimported the old keytab.
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Chris,
I am having the exact same problem, only the target stack is NW 7.31 instead of 7.4.
Did you manage to solve this?
If so, how?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
I would like to point out that the error you have provided "SPNego authentication has failed during previous attempt" does not show us why SPNego is failing. This means there is still references in the cache and the trace will not show us the real reason for failure.
Please clear the browser cache then close all browser sessions
Reproduce a logon with the security troubleshooting wizard again and paste the output here.
Regards,
David
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Your stack looks wrong.
Instead of:
com.sap.security.core.server.jaas.CreateTicketLoginModule SUFFICIENT
com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE
com.sap.security.core.server.jaas.CreateTicketLoginModule REQUISITE
I would expect to see:
com.sap.security.core.server.jaas.CreateTicketLoginModule SUFFICIENT
com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule REQUISITE
com.sap.security.core.server.jaas.CreateTicketLoginModule OPTIONAL
Thanks
Tim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
81 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.