Skip to Content
0
Former Member
Dec 04, 2007 at 07:05 PM

Multiple domain cookies aren't working

233 Views

Hi,

I'm trying to set up a configuration where a client receives MYSAPSSO2 tickets from multiple domains, as explained here:

http://help.sap.com/saphelp_nw04/helpdata/en/e0/fa984050a13354e10000000a1550b0/content.htm

I have two servers, sap3 and sap6. sap3 is a 7.0 Java install, and sap6 is a 3.5 Java/ABAP. I tried following the instructions given and it didn't work. I set ume.login.mdc.hosts on both of the servers and nothing happened. Tracing traffic on the client, the server, and the other server all did not show any requests or responses from the second server (on seperate domain).

I installed this note: 920033 on server sap3. sap6 is patched up already and should be fine. If i go to the URL:

http://sap3:50100/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.mdc

I see "No action indicator in request" which makes me think that this app is installed properly. I also see this for sap6.

As far as I can tell from all the documentation and blogs I've read all I should have to do is set this ume.login.mdc.hosts property and a user logging onto the portal should magically have cookies for both servers sent back to them. I'm using SAP for the web server too. As per this blog post:

HOWTO Create Custom Application for Handling J2EE Engine Multi-domain Single Sign-On Token

"If you have SAP Enterprise Portal (EP) installation on some host from the other domain (where you desire to use SSO), then you just have to define the hostname and port into the UME property ume.login.mdc.hosts, for example portaldev.acme2.net:50400. The EP application com.sap.portal.usermanagement.admin.mdc on the host portaldev.acme2.net handles the SSO token passed via HTTP POST parameter."

Is there some sort of log file somewhere I should be looking at for more information about what's going wrong? Do I have to set up a special iView anyways? From what I've read it sounds like that sort of stuff is only if you're using some other web server...

Also, a second question: How come SAP returns the domain for my MYSAPSSO2 cookie without a leading dot, while it returns the domain for my JSESSIONID in the same response WITH a leading dot? I'm expecting to get a leading dot in both cases.

Thanks for any help,

- Chris