Skip to Content
author's profile photo Former Member
Former Member

Single Sign On with Microsoft AD

Hi

I've tried to implement the single sign on with an Microsoft Active Directory. I followed several documentations on the sdn.sap.com but unfortunately it doesn't work yet.

I've done the following steps:

- created a user in the active directory j2ee-<SID>

- runned the "setspn ..." cmd on the kerberos machine (domain controller)

- runned the spnego wizard from the NW Administrator (http://portal:50000/nwa -> configuration management -> security -> spnego configuration)

- added the login module "SPNegoLoginModule" to the "ticket-policy configuration"

- modified the existing policy configuration "com.sun.security.jgss.accept" and added the SPNegoMappingLoginModule

- I am able to login with the domain user/password on the portal frontend

- internet explorer is configured to use integrated authentication and the portal website is in the intranet zone

When I open the portal site with Internet Explorer the site opens but i see the login screen. Therefor it doesn't automatically login. Which step did I miss?

Thanks for your answers,

Thierry

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Oct 09, 2008 at 10:36 AM

    Thierry,

    I think this issue has been resolved earlier by installing the right JDK version.

    Which JDK Veriosn that you have?

    See the solution for the SPNEGO Bug Fixing :

    http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6572805

    For any JDK Version simply add :

    isInitiator = false in your Visual Admin

    -->Security Provider -->com.sun.security.gss.accept -->Krb5LoginModule

    Parameter isInitiator and Value false. Save it and restart J2EE.

    Regards,

    Karthick Eswaran

    Edited by: Karthick Eswaran on Oct 9, 2008 6:39 AM

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Mar 12, 2009 at 06:04 PM

    Hi Thierry,

    can you please let me know how did you resolved it?

    Regards

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.