cancel
Showing results for 
Search instead for 
Did you mean: 

SPNego configuration on MSCS

Former Member
0 Kudos

Hi All,

We have EP7 installed with MSCS (Windows 64 bit with Oracle) for high availability. The configuration is as under:

SCS instance & Database running on Cluster

CI running on Node B outside of Cluster

DI running on Node A outside of Cluster

We are in the process of configuring SPNego for windows integrated authentication and would like to clarify against which servers setspn command should be executed on Domain Server.

I plan to run:

setspn -A HTTP/Node B <Username>

setspn -A HTTP/Node A <Username>

setspn -A HTTP/SAPClustername <Username>

Is it correct/sufficient?

Your thoughts on this would be appreciated.

Regards

Chandu

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Chandu,

From your description, I can understand that you are trying to implement Kerberos authentication to enable windows users to login into portal with out providing user id and password.

It works only in scenarios with separate portal installation. If it is a ABAP + Java installation, you can not implement Kerberos authentication.

If it is seperate Java stack, let me know... May be i can help regarding this...

And about the setspn command, setspn for CI is sufficient.

Regards,

Nadh

Answers (1)

Answers (1)

former_member110461
Active Contributor
0 Kudos

Sounds correct to me. The important thing I believe is the virtual clustername which the users are accessing it via.

Paul

Former Member
0 Kudos

Thanks. Portal installed on Java Web AS.

Since CI is not SPOF, I guess i need to run setspn command for dialog instance as well.

Anyone implemented similar to our landscape mentioned above?

Regards

Chandu

Former Member
0 Kudos

Hi,

Just to clarify SETSPN command can't be run against SAP virtual cluster name as virtual cluster name is not an object in the Active Directory.

Regards

Chandu

Former Member
0 Kudos

Resolved and it's working for me.

The commands to run on Domain Server:

setspn -A HTTP/Node B <Username>

setspn -A HTTP/Node A <Username>

Regards

Chandu