Skip to Content
avatar image
Former Member

kerberos authentication via Apache ...

Hi all !

we use SAP NW Portal 7.0; we can access the portal from internet via Apache as reverse proxy;

our internal and external users access the portal via the Apache reverse proxy;

now we want to use kerberos to authenticate against J2EE of Portal;

Kerberos is working when ich access the Portal directly via http://<fqdn>:<port>/irj;

but when we want to access the portal via Apache reverse proxy e.g. http://portal.test.com authentication via Kerberos don't work; Apache doesn't pass the kerberos ticket;

is there any solution ?

the Apache reverse proxy should be the 'single point of contact' for portal access;

Thanks

Oliver

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • avatar image
    Former Member
    Aug 16, 2007 at 05:23 PM

    Kerberos authentication will not work over the internet.

    This is the reason I am still using IISProxy and NTLM.

    Add comment
    10|10000 characters needed characters exceeded

    • David,

      Can you explain why you need IISProxy for access to SAP over internet ? You can use SPNEGO protocol for internal users and Kerberos authetnication via a browser form for external users, and no need to use the unsupported IISProxy product.

      Thanks,

      Tim

  • Mar 14, 2008 at 02:27 PM

    Oliver,

    I'm not sure if you resolved this yet ?

    Would a solution be of interest, where the user accessing SAP portal via Apache proxy is presented with a login screen, where they enter their Kerberos account name and password to logon to SAP, but when they logon from workstation on Intranet (inside firewall) they get authenticated via SPNEGO ?

    Thanks,

    Tim

    Add comment
    10|10000 characters needed characters exceeded