Skip to Content
0

vint_trustedGetUsername=true - SSO works from appserver but not from webserver

5 days ago

22

avatar image

What do I need to do on the web server to allow SSO?

I can find documentation for SSO but it all seems to end at the appserver.. nothing on configuring the web server to make it work.

web server, tomcat/app server on Linux

split deployment - apache web server, tomcat on appserver

SSO to /BOE/BI works fine for http://APPSERVER:8080/BOE/BI

for http://WEBSERVER/BOE/BI

- from outside domain i get:

<html><head><SCRIPT>location.replace ( 'VintelaErrorServlet?vint_backURL=%2FInfoView%2Flogon.faces&vint_trustedGetUsername=true');</SCRIPT></head><body></body></html>

- from inside domain I am prompted for a username and password. if i do not give the username/password, I get the above error. If I do provide the username and password, I get the BI login screen, but no SSO happens.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Joe Peters 5 days ago
0

This is Win AD, right? You probably need an SPN for the web server's host name.

Share
10 |10000 characters needed characters left characters exceeded
Tim Ziemba
5 days ago
0

If you can access SAP support the white papers on setting up SSO all state this (as did the previous reply) our new KBA https://apps.support.sap.com/sap/support/knowledge/preview/en/2629070 says

"Create SPNs (In this example SPN's for CMS, and tomcat server FQDN and hostname are created) To NOTE: more SPN's will be needed if multiple web/apps DNS redirects, load balancers (the rule of thumb is to create FQDN and hostname for each URL that will be accessed by SSO i.e. url = http://loadbalancer.mydomain.com then the corresponding SPN's would be HTTP/loadbalancer and HTTP/loadbalancer.mydomain.com)"

-Tim

Share
10 |10000 characters needed characters left characters exceeded