03-09-2008 8:02 AM
Guys,
First of all I am not a SAP person, but working in the network department. So sorry if I don't use the appropriate words for my question.
My company is using SAP for different services.
A few months ago the SAP team installed SSO so we don't need to authenticate anymore. We logon on in the morning in AD, and then when we click the SAP link Kerberos is doing this job and we are authicated. It works fine.. but we don't have any other consulting budget to go to phase 2.. which is my question.
We have remote sites not connected to are LAN/WAN. The come to see us via a VPN/SSL architecture. This product is able to authenticate the users, and then do somme Kerberos SSO. It is based on Kerberos Constained Delegation. User authenticate, and when they click on SAP, the Gateway ask for a TGS, get it, and then send it to the sap machine.
Here is my problem... it does not work.
What I can see from the getway is that I get my TGS, send it to SAP and then connection refused.
I don't undestand why it happens on the SAP part.
Here is my question : How can I deep debug the authentication part on SAP ? Is my TGS ok ? What part is wrong ? Options, ... ? So I am blind, with no budget to hire an expert on this.
If you could advise me that would be great.
Best regards, and many thanks.
Fred
03-09-2008 8:19 AM
Frederic,
Hello. My specialist area of technical expertise is with Kerberos, and especially Kerberos with SAP products. I therefore hope I can help you.
Can you explain more about where the TGS request comes from in your setup ? You mentioned that it comes from "the gateway" but you don't mention which gateway is involved, and provide more details on how it works ?
Also, I assume you are currently using Kerberos with SNC and SAP GUI, and this is working, or are you using Kerberos with browser access to SAP applications, or both ?
Thanks,
Tim
03-09-2008 8:19 AM
Frederic,
Hello. My specialist area of technical expertise is with Kerberos, and especially Kerberos with SAP products. I therefore hope I can help you.
Can you explain more about where the TGS request comes from in your setup ? You mentioned that it comes from "the gateway" but you don't mention which gateway is involved, and provide more details on how it works ?
Also, I assume you are currently using Kerberos with SNC and SAP GUI, and this is working, or are you using Kerberos with browser access to SAP applications, or both ?
Thanks,
Tim
10-05-2009 8:40 AM
Hi,
I am facing an issue with the VPN. When i connect to VPN and accessing the portal URL, It is asking for User-Id and Password.
Kerberose is not working.Let me know what needs to be done