Skip to Content

vint_trustedGetUsername=true - SSO works from appserver but not from webserver

Apr 16 at 01:38 PM


avatar image

What do I need to do on the web server to allow SSO?

I can find documentation for SSO but it all seems to end at the appserver.. nothing on configuring the web server to make it work.

web server, tomcat/app server on Linux

split deployment - apache web server, tomcat on appserver

SSO to /BOE/BI works fine for http://APPSERVER:8080/BOE/BI


- from outside domain i get:

<html><head><SCRIPT>location.replace ( 'VintelaErrorServlet?vint_backURL=%2FInfoView%2Flogon.faces&vint_trustedGetUsername=true');</SCRIPT></head><body></body></html>

- from inside domain I am prompted for a username and password. if i do not give the username/password, I get the above error. If I do provide the username and password, I get the BI login screen, but no SSO happens.

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Best Answer
Tim Ziemba
Apr 17 at 01:17 AM

If you can access SAP support the white papers on setting up SSO all state this (as did the previous reply) our new KBA says

"Create SPNs (In this example SPN's for CMS, and tomcat server FQDN and hostname are created) To NOTE: more SPN's will be needed if multiple web/apps DNS redirects, load balancers (the rule of thumb is to create FQDN and hostname for each URL that will be accessed by SSO i.e. url = then the corresponding SPN's would be HTTP/loadbalancer and HTTP/"


10 |10000 characters needed characters left characters exceeded
Joe Peters Apr 16 at 01:48 PM

This is Win AD, right? You probably need an SPN for the web server's host name.

10 |10000 characters needed characters left characters exceeded