Skip to Content

vint_trustedGetUsername=true - SSO works from appserver but not from webserver

What do I need to do on the web server to allow SSO?

I can find documentation for SSO but it all seems to end at the appserver.. nothing on configuring the web server to make it work.

web server, tomcat/app server on Linux

split deployment - apache web server, tomcat on appserver

SSO to /BOE/BI works fine for http://APPSERVER:8080/BOE/BI

for http://WEBSERVER/BOE/BI

- from outside domain i get:

<html><head><SCRIPT>location.replace ( 'VintelaErrorServlet?vint_backURL=%2FInfoView%2Flogon.faces&vint_trustedGetUsername=true');</SCRIPT></head><body></body></html>

- from inside domain I am prompted for a username and password. if i do not give the username/password, I get the above error. If I do provide the username and password, I get the BI login screen, but no SSO happens.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    Apr 17 at 01:17 AM

    If you can access SAP support the white papers on setting up SSO all state this (as did the previous reply) our new KBA https://apps.support.sap.com/sap/support/knowledge/preview/en/2629070 says

    "Create SPNs (In this example SPN's for CMS, and tomcat server FQDN and hostname are created) To NOTE: more SPN's will be needed if multiple web/apps DNS redirects, load balancers (the rule of thumb is to create FQDN and hostname for each URL that will be accessed by SSO i.e. url = http://loadbalancer.mydomain.com then the corresponding SPN's would be HTTP/loadbalancer and HTTP/loadbalancer.mydomain.com)"

    -Tim

    Add comment
    10|10000 characters needed characters exceeded

  • Apr 16 at 01:48 PM

    This is Win AD, right? You probably need an SPN for the web server's host name.

    Add comment
    10|10000 characters needed characters exceeded