Skip to Content
avatar image
Former Member

Still asking for Username and Password after configuring SPNEGO mechanism

I have configured SPNEGO entirely referring the steps given on SDN forums

1 - /people/holger.bruchelt/blog/2008/01/09/configuring-and-troubleshooting-spnego--part-1

2 - /people/holger.bruchelt/blog/2008/01/15/configuring-and-troubleshooting-spnego--part-2

3 - /people/holger.bruchelt/blog/2008/01/24/configuring-and-troubleshooting-spnego--part-3

and also referring help.sap

Still I am getting the Login page for LDAP users.

I also found the a thread wherein it was mentioned about the same problem and the work around for that.

Work around was

Login to your Visual Admin, then go to -->Security Provider -->com.sun.security.jgss.accept -->Krb5LoginModule

Add a Parameter isInitiator and Value false. Save it and take a bounce of J2EE.

I also tried the same. Still it is asking me for username and password.

Is there a need to do any changes in authschemes.xml after uploading the new configuration file krb5.xml?

Or is there any other reason why this is not working?

Need help.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Sep 22, 2009 at 06:27 AM

    You can try to use the webdiag tool to collect traces and check where is the configuration failing

    https://service.sap.com/sap/support/notes/1045019

    Also you can use [this|https://wiki.sdn.sap.com/wiki/display/Security/SingleSign-onwithSPNego(NWAS+Java)] wiki page it has a nice collection of all the links useful for Configuring SPNego.

    Also I hope that you have configured internet explorer to "Enable Windows Integrated Authentication" ( Go to Tools Menu-> Internet Options->Advanced Tab)

    Thanks,

    GLM

    Add comment
    10|10000 characters needed characters exceeded

    • Hi,

      did you read the note? Ther's a few steps you have to take to make sure the Kerberos ticket is sent instead of NTLM. Try it from a couple of different locations as well. Also, use the kerbtray.exe tool to remove any tickets from the cache in case it sends the wrong Kerberos ticket.

      Marcel

  • avatar image
    Former Member
    Sep 22, 2009 at 06:32 AM
    Add comment
    10|10000 characters needed characters exceeded