Hi Experts,
We are trying to set up the SSO between the AD and Portal. I made the following configuration.
On Active Directory (AD)
- Created a Service User with password that never expires.
- Selected the option "Use DES encryption types for this account"
- Executed the command: setspn -A HTTP/servername username on the server name and on the DNS alias name.
On the configtool:
- I imported the dataSourceConfiguration_ads_readonly_db_with_krb5.XML file
- On the server name: <AD server host>
- Server Port: 389
- User: <service user created on AD>
- Password: <Password of service user created on AD>
- Checked the option "Use UME unique id with unique LDAP attribute" and gave the service user created on AD as parameter.
- User path and Group Path were selected based on the AD info.
I tested the connection and the authentication, which were successful.
So I accessed Instance --> Server --> Services --> com.sap.security.core.ume.service and added the value krb5principalname;kpnprefix;dn on the ume.admin.addattrs key and set it
EP
- Opened EP 7 SP15 and called the SPNEGO Wizard; on the first step I just checked the Prerequisites.
- 2nd Step I provided Kerberos Realm: <domain name>
- KDC Host: <LDAP server>
- KDC Port: 88
- Service User Name: <service user name created on AD>
- Service User Password: <Password of service user name created on AD>
- LDAP Host: <LDAP server name>
- LDAP Port: 389
and clicked on Next.
On the 3rd step I selected the Resolution mode = prefixed base.
KPN Prefix: kpnprefix
kpnprefix: dn
and provided my user on AD to test, but I got the error message: UME cannot resolve Kerberos principal name XXXX#XXXX.XXX.XX; check selected resolution mode.
Any idea about what can be missing or wrong?
Thanks
Armando
Edited by: Armando Martines Neto on Aug 8, 2008 11:40 AM