on 02-23-2021 12:18 PM
Hello
When I start the transaction WEBGUI, the logon screen appears. I expect the login to be done automatically since SSO is set up.
Does anyone have an idea why it does not work ? The kernel and SAPCRYPTOLIB are up to date
Here are a few print screen of the configuration SSO with Kerberos.
Thank you for your support
Regards
Claudio
Login Screen :
snc and spnego Parameter :
SPNEGO :
Service Principal Name :
STRUST :
Start Transaction WEBGUI :
Browser
Thank you
Hi Sailendra
Unfortunately, I could not solve the problem either. We have cancelled this project. Sorry ...
Claudio
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hello Claudio,
I am also facing the same issue. I checked the note 1732610 and all the configuration seems fine. Were you able to solve the issue?
Thanks,
Sailendra
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Claudio,
The error in the last screen shot is explained in the note 1732610 - SPNego ABAP: Troubleshooting Note, Item 3.2.3 3.2.3 NTLM token received, this is the most likely problem
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
N SPNegoValidateToken: Started N SPNegoValidateToken: Calling sec_kerberos_spnego_ParseToken(...) to parse the received token value N SPNegoValidateToken: Error when parsing received SPNego token via sec_kerberos_spnego_ParseToken (rc=-1570766316) N Received an NTLM token. This is not supported. N SPNegoValidateToken: Finished (rc=-62) N ==> krn_Base64_Encode() N <== krn_Base64_Encode()==0 (SSF_KRN_OK)
Hi Ali
This ist the output from setspn and klist
setspn -L SAPERPSSOBZ1
Registered ServicePrincipalNames for CN=SAPERPSSOBZ1,CN=Users,DC=intranet,DC=xxx, DC=ch;
HTTP/xxxx.xxxxx.xxx.ch (Servername FQN)
SAP/SAPERPSSOBZ1
klist
#0> Client: bz1adm @ xxxxx.xxxx.ch
Server: krbtgt/xxxx.xxxx.ch @ xxxxx.xxxxx.ch
#1> Client: bz1adm @ xxxxx.xxxxx.ch
Server: LDAP/DC-Server.xxxxx.xxxxx.ch/xxxxx.xxxxx.ch @ xxxxx.xxxxx.ch
But when I run setspn -X, I get the following message :
found 2 groups of duplicate SPNs. But the service name SAPERPSSOBZ1 is not included in it.
Best Regards
Claudio
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Claudio,
Did you check, that you have received a http Ticket? You can check this with the klist command on your client.
You should also check the DNS entries, because when aliases are defined there should also http entries for them and you fqdn should be on the first Position.
Hth
Kind regards
Ali
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
75 | |
9 | |
8 | |
7 | |
7 | |
6 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.