Skip to Content
0
Former Member
Jan 31, 2007 at 11:41 AM

SPNego single sign-on error

46 Views

Hi there,

We are trying to implement SPNego single sign-on on SAP Netweaver 2004S

SR2 Portal 7.0..

We have implemented instructions as per help.sap.com. We have also

implemented numerous notes...

968191 - SPNego: Central Note

927350 - keytab generation for Kerberos authentication with SPNego

982127 - Troubleshooting authentication problems

957666 - tool for Troubleshooting Security Configuration

957707 - Using Diagtool for Troubleshooting Single Sign-On

935644 - configuring kerberos on NW04 against database user store

Our LDAP resides on ADS Windows 2003 Server SP1 (used ktab as

workaround since ktpass tool is incompatible)

Client is WinXP SP2 (hotfix applied KB885887)

Some further info:

- J2EE system is running on Windows 2003 SP1 64-bit (x86_64)

- Running on NetWeaver 2004s SR2 (SP9)

- We've applied the patch described in note 982044

- We're authenticating against Active Directory. Kerberos realm is

ENGENOIL.NET. The service user in AD was created according to the

guidelines in note 986060

We've installed the w2k_lsa_auth.dll from a 1.5.0 JVM for x86_64, as

per customer message 1853075/2006. As described above, the keytab

being used was generated using the JVM tool ktab rather than the

Kerberos tools on the AD domain controller, which is running

Windows 2003 SP1.

Your help will be much appreciated...