
SSO Kerberos SAPGUI WebGui don't work

claudio_normani
Explorer
0 Kudos

Hello

When I start the transaction WEBGUI, the logon screen appears. I expect the login to be done automatically since SSO is set up.

Does anyone have an idea why it does not work? The kernel and SAPCRYPTOLIB are up to date.

Here are a few print screens of the SSO configuration with Kerberos.

Thank you for your support

Regards

Claudio

Login Screen:

snc and spnego Parameter:

SPNEGO:

Service Principal Name:

STRUST:

Start Transaction WEBGUI:

Browser

Thank you

Accepted Solutions (0)

Answers (6)

0 Kudos

Hi Sailendra

Unfortunately, I could not solve the problem either. We have cancelled this project. Sorry ...

Claudio

0 Kudos

Hello Claudio,

I am also facing the same issue. I checked the note 1732610 and all the configuration seems fine. Were you able to solve the issue?

Thanks,

Sailendra

Former Member
0 Kudos

Hi Claudio,

The error in the last screenshot is explained in note 1732610 - SPNego ABAP: Troubleshooting Note, item 3.2.3 "NTLM token received"; this is the most likely problem.

claudio_normani
Explorer
0 Kudos

I have created a trace with the report SEC_TRACE_ANALYZER with this error

claudio_normani
Explorer
0 Kudos

More Info ...

claudio_normani
Explorer
0 Kudos

More information about Trace

claudio_normani
Explorer
0 Kudos

N SPNegoValidateToken: Started

N SPNegoValidateToken: Calling sec_kerberos_spnego_ParseToken(...) to parse the received token value

N SPNegoValidateToken: Error when parsing received SPNego token via sec_kerberos_spnego_ParseToken (rc=-1570766316)

N Received an NTLM token. This is not supported.

N SPNegoValidateToken: Finished (rc=-62)

N ==> krn_Base64_Encode()

N <== krn_Base64_Encode()==0 (SSF_KRN_OK)

claudio_normani
Explorer
0 Kudos

Hi Ali

This is the output from setspn and klist

setspn -L SAPERPSSOBZ1

Registered ServicePrincipalNames for CN=SAPERPSSOBZ1,CN=Users,DC=intranet,DC=xxx, DC=ch;

HTTP/xxxx.xxxxx.xxx.ch (Servername FQN)

SAP/SAPERPSSOBZ1

klist

#0> Client: bz1adm @ xxxxx.xxxx.ch

Server: krbtgt/xxxx.xxxx.ch @ xxxxx.xxxxx.ch

#1> Client: bz1adm @ xxxxx.xxxxx.ch

Server: LDAP/DC-Server.xxxxx.xxxxx.ch/xxxxx.xxxxx.ch @ xxxxx.xxxxx.ch

But when I run setspn -X, I get the following message:

found 2 groups of duplicate SPNs. But the service name SAPERPSSOBZ1 is not included in it.

Best Regards

Claudio

aloezcan
Explorer
0 Kudos

Hi Claudio,

Did you check that you have received an HTTP ticket? You can check this with the klist command on your client.

You should also check the DNS entries, because when aliases are defined there should also be HTTP entries for them, and your FQDN should be in the first position.

HTH

Kind regards

Ali