Skip to Content
author's profile photo Former Member
Former Member

SPnego ABAP for CRM ICWEB BSP problem after selecting business role

Gurus,

We have a trial license for NW SSO 2.0 SP05

We have these versions of SAP:

ECC 6.0 EHP6 ABAP AS w NW7.31 SP07

CRM 7.0 EHP2 ABAP AS w NW7.31 SP07

Pure JAVA AS w NW7.02 SP16

All 3 are AIX 6.1 with Kernel 7.21EXT #331

Our PCs are all Windows7 32-bit Enterprise SP1

We use IE10 browser

We use Microsoft AD to authenticate our PCs

Our AD login ID matches our SAP ID

I feel really good about having correctly setup SPnego for ABAP. I think we followed all the steps very closely and correctly:

Not to go into too much detail, but I followed the videos, applied the notes:

1. Install/config Secure Login Library for ABAP (at the AIX server/OS SAP level)

2. Created our AD service user with the setSPN per the video

3. enabled all the SNC/SPnego stuff in RZ10

4. followed all the steps to gen the keytab and PIN, credV2..just like in the video

5. restarted the SAP instance

6. TCODE SPNEGO...added the entry to reflect our AD user / domain that matches our keytab command

7. Installed the secure logon client

8. Rebooted the PC

9. Edited SU01 for our users to add the SNC entry...matching the Kerberos ticket to their SU01...looks good

10. edited SAPGUI logon pad to use SNC

So Logon pad is great...SNC always works.

SPnego for ABAP works awesome in terms of getting me to WEBGUI via IE browser...as well as NWBC via IE browser. No password. SWEET!

But ICWEB...aka Interaction Center webclient is a whole other issue.

when I hit the URL:

I use our typical URL to get direct to our CRM QA instance of ICWEB:
http://ourSAPhostname:ourSAPICM-HTTPport/sap/crm_logon

And I get right to the part where I can select my business role. And that is cool, because normally, before we did SSO, I would have been presented with a typical logon screen.

So I select my business role...just a custom role based off of an Utilities interaction center agent (since we are IS-U)

And them it hits me with a logon screen!

In case you can't read that , it says:

the server XXXX at SAP application server SID/CLIENT requires a username and password

Now, I can keep clicking "cancel" and get to the main screen, where I can work...but that isn't correct. It should just let me in!

And I swear this was all working a few days ago! But now I get this screen and so do all my other users who are testing.

This happens to all the folks, regardless of what PC they use, etc

Sounds crazy but this was working...and now I get this every time!

Help! what do you guys think?

thanks! NICK

SSOissue2.jpg (54.0 kB)
SSOissue1.jpg (33.1 kB)
Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on May 18, 2015 at 08:07 PM

    I never got a response. I'm going to start a new thread to hopefully re phrase my question in a way that will get some better assistance.

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.